Node JS developer with Vulnerability

Must Have: NodeJS vulnerability remediation and security Java

About the Role

We are seeking a highly skilled Node Engineer with expertise in secure coding vulnerability remediation and security automation.

The ideal candidate will have hands-on experience remediating vulnerabilities in Java and applications with a strong grasp of automation techniques and a proven ability to leverage Generative AI solutions such as AWS Bedrock to accelerate security workflows.

This role requires close collaboration with InfoSec QA DevOps and engineering teams to ensure application security posture is proactively strengthened through intelligent automation and continuous improvement.

Key Responsibilities

Analyze triage and remediate vulnerabilities identified via SAST DAST and software composition analysis tools such as SonarQube Veracode Snyk and Checkmarx.

Refactor insecure Java and codebases to mitigate vulnerabilities such as SQL Injection XXE XSS CSRF Deserialization and Authentication flaws.

Patch and upgrade vulnerable third-party dependencies using Maven/Gradle and validate post-remediation effectiveness.

Leverage Generative AI tools (e.g. AWS Bedrock) to build or enhance automation workflows for:

Auto-remediation of common vulnerability patterns

Code recommendations and patch generation

AI-driven security analysis and triage assistance

Automate vulnerability remediation and validation within CI/CD pipelines improving security velocity and reducing manual effort.

Strengthen security configurations in Spring Boot REST APIs services and Tomcat-based deployments.

Perform secure code reviews provide remediation guidance and promote secure coding best practices across development teams.

Collaborate with InfoSec and DevOps teams to validate fixes perform re-scans and close vulnerability tickets.

Stay current on security advisories OWASP Top 10 CWE/SANS 25 and Java/Tomcat ecosystem updates.

Required Skills

Strong hands-on experience with Core Java Spring Boot Tomcat and REST API development.

Proficiency in secure coding principles and application vulnerability remediation.

Experience remediating issues identified by tools like Veracode Checkmarx SonarQube or Snyk.

Knowledge of dependency management and patching practices using Maven or Gradle.

Familiarity with security configurations and remediation techniques.

Experience with OAuth2/JWT input validation encryption and secure session management.

Understanding of Docker Kubernetes and security considerations in cloud-native applications.

Preferred Qualifications

Experience with automating vulnerability remediation using GenAI platforms (e.g. AWS Bedrock Amazon CodeWhisperer).

Exposure to DevSecOps pipelines including automated security scans and policy enforcement.

Strong understanding of Spring Security secure API design and infrastructure hardening.

Certifications such as CEH CSSLP GSSP-Java or similar are a plus.

Soft Skills

• Strong analytical debugging and problem-solving skills.
• Excellent communication and documentation abilities.
• A collaborative mindset with the ability to work across security development and operations teams.
• Self-motivated and proactive in driving secure development practices and automation.

Note: Momento USA is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex pregnancy sexual orientation gender identity national origin age protected veteran status or disability status.