The Giant Bullseye
Application Security Engineer – Java / Node.js
The Giant Bullseye, Saint Louis, Missouri, United States, 63146
Overview
Seeking a Java / Node.js Engineer focused on application security remediation, technical debt reduction, and automated vulnerability fixes across multiple platforms. This role partners closely with InfoSec, QA, DevOps, and engineering teams to improve security posture using automation and GenAI-driven solutions.
Key Responsibilities
Triage and remediate vulnerabilities from SAST, DAST, and SCA tools
Secure Java, Node.js, Ruby on Rails, and WordPress applications against common OWASP risks
Patch and upgrade third-party dependencies and harden application configurations
Validate fixes through regression testing and user flow checks
Integrate automated security and remediation into CI/CD pipelines
Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools
Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments
Collaborate with InfoSec and QA teams to close security findings and rescans
Required Skills & Experience
Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding
Proficiency in Node.js, Express.js, JavaScript/TypeScript
Working knowledge of Ruby on Rails and WordPress security
Experience with Veracode, Checkmarx, SonarQube, Snyk, or similar tools
Strong understanding of OWASP vulnerabilities and mitigation techniques
Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS
Hands‑on experience integrating security into CI/CD pipelines
Exposure to GenAI tools such as AWS Bedrock or CodeWhisperer
Preferred Qualifications
Experience with microservices, cloud-native security, and DevSecOps
Familiarity with OWASP ASVS and threat modeling
Security certifications (CEH, CSSLP, OSCP) a plus