[Remote] Application Security Engineer – Java / Node.js
Note: This is a remote job, open to candidates in the USA.

The Giant Bullseye is seeking a Java / Node.js Engineer focused on application security remediation and automated vulnerability fixes. This role involves collaborating with InfoSec, QA, DevOps, and engineering teams to enhance security posture across multiple platforms.

Responsibilities

- Triage and remediate vulnerabilities from SAST, DAST, and SCA tools
- Secure Java, Node.js, Ruby on Rails, and WordPress applications against common OWASP risks
- Patch and upgrade third-party dependencies and harden application configurations
- Validate fixes through regression testing and user flow checks
- Integrate automated security and remediation into CI/CD pipelines
- Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools
- Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments
- Collaborate with InfoSec and QA teams to close security findings and rescans

Skills

- Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding
- Proficiency in Node.js, Express.js, JavaScript/TypeScript
- Working knowledge of Ruby on Rails and WordPress security
- Experience with Veracode, Checkmarx, SonarQube, Snyk, or similar tools
- Strong understanding of OWASP vulnerabilities and mitigation techniques
- Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS
- Hands-on experience integrating security into CI/CD pipelines
- Exposure to GenAI tools such as AWS Bedrock or CodeWhisperer
- Experience with microservices, cloud-native security, and DevSecOps
- Familiarity with OWASP ASVS and threat modeling
- Security certifications (CEH, CSSLP, OSCP) a plus

Company Overview

The Giant Bullseye is a fast-growing technology company that provides talent recruitment services to customers. It was founded in 2023 and is headquartered in New York, US, with a workforce of 11-50 employees. Its website is https://www.thegiantbullseye.com.