Codebase Inc
Location:
(CA, TX, NY) or St. Louis MO (Hybrid)
Key Responsibilities Identify, triage, and remediate vulnerabilities detected through SAST, DAST, and dependency scanning tools (e.g., Snyk, SonarQube, Checkmarx, OWASP ZAP).
Apply secure coding principles and implement fixes for issues like XSS, CSRF, SQL Injection, SSRF, and command injection.
Refactor and harden existing Node.js/Express.js APIs for improved security and performance.
Update and manage dependencies to address known vulnerabilities using npm audit, Snyk, or similar tools.
Collaborate with the Security and QA teams to validate patches and verify that vulnerabilities have been fully resolved.
Improve CI/CD pipelines to automate vulnerability scans and security checks.
Document changes, maintain audit trails, and support re-scans post-fix validation.
Stay updated with Node.js security advisories, OWASP Top 10, and emerging threats.
Required Skills Experience with REST APIs, OAuth2/JWT, and secure session management.
Deep understanding of web application vulnerabilities and mitigation strategies.
Familiarity with Docker security, Linux hardening, and AWS cloud environments.
Hands‑on experience integrating security scans into CI/CD pipelines (Jenkins, GitHub Actions).
Preferred Qualifications Exposure to microservices architecture and API gateway security.
Knowledge of OWASP ASVS, CWE standards, or threat modeling frameworks.
Familiarity with DevSecOps practices.
Security-related certifications (e.g., CEH, CSSLP, OWASP Practitioner) are a plus.
Soft Skills Excellent problem‑solving and debugging skills.
Strong collaboration with cross‑functional engineering and InfoSec teams.
Proactive and detail‑oriented mindset focused on secure and scalable code.
Seniority level
Mid‑Senior level
Employment type
Contract
Job function
Information Technology
IT Services and IT Consulting
#J-18808-Ljbffr
(CA, TX, NY) or St. Louis MO (Hybrid)
Key Responsibilities Identify, triage, and remediate vulnerabilities detected through SAST, DAST, and dependency scanning tools (e.g., Snyk, SonarQube, Checkmarx, OWASP ZAP).
Apply secure coding principles and implement fixes for issues like XSS, CSRF, SQL Injection, SSRF, and command injection.
Refactor and harden existing Node.js/Express.js APIs for improved security and performance.
Update and manage dependencies to address known vulnerabilities using npm audit, Snyk, or similar tools.
Collaborate with the Security and QA teams to validate patches and verify that vulnerabilities have been fully resolved.
Improve CI/CD pipelines to automate vulnerability scans and security checks.
Document changes, maintain audit trails, and support re-scans post-fix validation.
Stay updated with Node.js security advisories, OWASP Top 10, and emerging threats.
Required Skills Experience with REST APIs, OAuth2/JWT, and secure session management.
Deep understanding of web application vulnerabilities and mitigation strategies.
Familiarity with Docker security, Linux hardening, and AWS cloud environments.
Hands‑on experience integrating security scans into CI/CD pipelines (Jenkins, GitHub Actions).
Preferred Qualifications Exposure to microservices architecture and API gateway security.
Knowledge of OWASP ASVS, CWE standards, or threat modeling frameworks.
Familiarity with DevSecOps practices.
Security-related certifications (e.g., CEH, CSSLP, OWASP Practitioner) are a plus.
Soft Skills Excellent problem‑solving and debugging skills.
Strong collaboration with cross‑functional engineering and InfoSec teams.
Proactive and detail‑oriented mindset focused on secure and scalable code.
Seniority level
Mid‑Senior level
Employment type
Contract
Job function
Information Technology
IT Services and IT Consulting
#J-18808-Ljbffr