Java Engineer – Application Security Remediation

Java Engineer Application Security Remediation

About the Role

We are seeking a Java Engineer with strong expertise in secure coding vulnerability management and application hardening. You will be responsible for analyzing fixing and validating vulnerabilities across our Java-based & based applications.

This role involves working closely with security QA and platform teams to ensure that all identified vulnerabilities are remediated effectively and that our software meets modern security standards.

Key Responsibilities

• Analyze and fix vulnerabilities detected via SAST DAST and dependency analysis tools such as SonarQube Veracode Snyk or Checkmarx.
• Refactor code to mitigate risks like SQL Injection XXE deserialization attacks XSS CSRF and authentication flaws.
• Patch and upgrade vulnerable third-party libraries and dependencies (Maven/Gradle).
• Collaborate with InfoSec and DevOps to validate and re-test remediations.
• Perform secure code reviews and recommend best practices to developers.
• Enhance Spring Boot REST API and microservices security configurations.
• Contribute to improving automation in CI/CD for continuous vulnerability scanning.
• Stay current with the OWASP Top 10 CWE/SANS 25 and Java security updates.

Required Skills

• Strong proficiency in Core Java Spring Boot and REST API development.
• Solid understanding of secure coding principles and application security fundamentals.
• Experience in remediating vulnerabilities identified by automated scanning tools.
• Familiarity with dependency management and patching libraries using Maven or Gradle.
• Hands-on experience with JWT/OAuth2 input validation and encryption techniques.
• Working knowledge of Docker Kubernetes or cloud security principles.

Preferred Qualifications

• Familiarity with DevSecOps pipelines and automated vulnerability management.
• Knowledge of static and dynamic code analysis tools.
• Experience with Spring Security and secure REST API design.
• Certifications such as CEH CSSLP or GIAC Secure Software Programmer (GSSP-Java).

Soft Skills

• Analytical and detail-oriented problem solver.
• Strong communication and documentation skills.
• Collaborative mindset to work across engineering security and operations teams.
• Commitment to building secure maintainable and high-quality applications.

Note: Momento USA is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex pregnancy sexual orientation gender identity national origin age protected veteran status or disability status.