Application Security Engineer – Java / Node.js

The Giant Bullseye

Saint Louis, Missouri

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Application Programming Interface (API), Applications Security, Automation, CEH - Certified Ethical Hacker, Cloud Computing, Computer Security, Continuous Deployment/Delivery, Continuous Integration, DevOps, Docker, Express.js, Information/Data Security (InfoSec), Java, JavaScript, Linux Operating System, Microservices, Multiplatform/Cross-Platform, Node.js, OAuth, Operating Systems, Quality Assurance, REST (Representational State Transfer), Regression Testing, Ruby on Rails, Secure Coding, Software Engineering, Threat Modeling, Wordpress
LOCATION
Saint Louis, Missouri
POSTED
30+ days ago

Overview
Seeking a Java / Node.js Engineer focused on application security remediation, technical debt reduction, and automated vulnerability fixes across multiple platforms. This role partners closely with InfoSec, QA, DevOps, and engineering teams to improve security posture using automation and GenAI-driven solutions.

Key Responsibilities
• Triage and remediate vulnerabilities from SAST, DAST, and SCA tools
• Secure Java, Node.js, Ruby on Rails, and WordPress applications against common OWASP risks
• Patch and upgrade third-party dependencies and harden application configurations
• Validate fixes through regression testing and user flow checks
• Integrate automated security and remediation into CI/CD pipelines
• Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools
• Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments
• Collaborate with InfoSec and QA teams to close security findings and rescans

Required Skills & Experience
• Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding
• Proficiency in Node.js, Express.js, JavaScript/TypeScript
• Working knowledge of Ruby on Rails and WordPress security
• Experience with Veracode, Checkmarx, SonarQube, Snyk, or similar tools
• Strong understanding of OWASP vulnerabilities and mitigation techniques
• Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS
• Hands-on experience integrating security into CI/CD pipelines
• Exposure to GenAI tools such as AWS Bedrock or CodeWhisperer

Preferred Qualifications
• Experience with microservices, cloud-native security, and DevSecOps
• Familiarity with OWASP ASVS and threat modeling
• Security certifications (CEH, CSSLP, OSCP) a plus

 

About the Company

T

The Giant Bullseye