Sr. Node JS Developer - R01561357
Saint Louis, Missouri, United States | Full-Time | Senior | Other
Primary Skills
- Typescript, NodeJS, Nestjs, Oracle RDBMS, Mongo, Docker, Jest, Express JS
Job requirements
- Job Title: Node JS Engineer – Application Security Remediation & Automation
- Location: St. Louis, MO / Dallas, TX (Hybrid – 3 days onsite)
- Experience Level: 6+ years
- Must Have: NodeJS, vulnerability remediation, and security, Java
- About the Role
  - We are seeking a highly skilled Node Engineer with expertise in secure coding, vulnerability remediation, and security automation.
  - The ideal candidate will have hands-on experience remediating vulnerabilities in Java and Node.js applications, with a strong grasp of automation techniques, and a proven ability to leverage Generative AI solutions such as AWS Bedrock to accelerate security workflows.
  - This role requires close collaboration with InfoSec, QA, DevOps, and engineering teams to ensure application security posture is proactively strengthened through intelligent automation and continuous improvement.
- Key Responsibilities
  - Analyze, triage, and remediate vulnerabilities identified via SAST, DAST, and software composition analysis tools such as SonarQube, Veracode, Snyk, and Checkmarx.
  - Refactor insecure Java and Node.js codebases to mitigate vulnerabilities such as SQL Injection, XXE, XSS, CSRF, Deserialization, and Authentication flaws.
  - Patch and upgrade vulnerable third-party dependencies using Maven/Gradle, and validate post-remediation effectiveness.
  - Leverage Generative AI tools (e.g., AWS Bedrock) to build or enhance automation workflows for:
    - Auto-remediation of common vulnerability patterns
    - Code recommendations and patch generation
    - AI-driven security analysis and triage assistance
  - Automate vulnerability remediation and validation within CI/CD pipelines, improving security velocity and reducing manual effort.
  - Strengthen security configurations in Spring Boot, REST APIs, Node.js services, and Tomcat-based deployments.
  - Perform secure code reviews, provide remediation guidance, and promote secure coding best practices across development teams.
  - Collaborate with InfoSec and DevOps teams to validate fixes, perform re-scans, and close vulnerability tickets.
  - Stay current on security advisories, OWASP Top 10, CWE/SANS 25, and Java/Tomcat ecosystem updates.
- Required Skills
  - Strong hands-on experience with NodeJS, Java, Tomcat, and REST API development.
  - Proficiency in secure coding principles and application vulnerability remediation.
  - Experience remediating issues identified by tools like Veracode, Checkmarx, SonarQube, or Snyk.
  - Knowledge of dependency management and patching practices using Maven or Gradle.
  - Familiarity with Node.js security configurations and remediation techniques.
  - Experience with OAuth2/JWT, input validation, encryption, and secure session management.
  - Understanding of Docker, Kubernetes, and security considerations in cloud-native applications.
- Preferred Qualifications
  - Experience with automating vulnerability remediation using GenAI platforms (e.g., AWS Bedrock, Amazon CodeWhisperer).
  - Exposure to DevSecOps pipelines, including automated security scans and policy enforcement.
  - Strong understanding of Spring Security, secure API design, and infrastructure hardening.
  - Certifications such as CEH, CSSLP, GSSP-Java, or similar are a plus.
- Soft Skills
  - Strong analytical, debugging, and problem-solving skills.
  - Excellent communication and documentation abilities.
  - A collaborative mindset with the ability to work across security, development, and operations teams.
  - Self-motivated and proactive in driving secure development practices and automation.
