Req ID: 370230

Job Description:

Java Developer (Application Security)

Day to Day job Duties: (what this person will do on a daily/weekly basis)
• Design, develop, and maintain secure Java/J2EE-based applications, ensuring adherence to enterprise security standards and best practices
• Identify, analyze, and remediate application security vulnerabilities such as XSS, CSRF, session fixation, IDOR, and path traversal issues
• Perform regular code reviews and security assessments to detect code smells, insecure patterns, and misconfigurations
• Collaborate with security teams to triage and resolve findings from vulnerability scans, penetration testing, and security audits
• Implement secure coding practices, including input validation, output encoding, and proper authentication/authorization mechanisms
• Update and manage third-party libraries (e.g., Axios, jQuery, Ext.js), ensuring no outdated or vulnerable versions are in use
• Configure and enforce web security controls such as CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache directives
• Debug and resolve issues related to HTTP errors (e.g., 500 errors), session management, and application behavior inconsistencies
• Work closely with frontend and backend teams to ensure consistency in validation and prevent security gaps between UI and server-side logic
• Analyze and secure APIs, including TPP/Open Banking integrations, ensuring proper authentication and data protection
• Participate in sprint planning, daily stand-ups, and backlog grooming with Agile teams to prioritize security and development tasks
• Document security fixes, technical designs, and remediation steps for knowledge sharing and audit readiness
• Support production releases, perform root cause analysis for incidents, and implement preventive measures
• Continuously research emerging security threats and recommend improvements to strengthen application security posture

Basic Qualifications: (what are the skills required to this job with minimum years of experience on each)
• Minimum 5+ years of experience in Java/J2EE development, including building and maintaining enterprise-level web applications
• At least 3+ years of hands-on experience in application security, including identifying and remediating vulnerabilities such as XSS, CSRF, IDOR, and session-related issues
• Minimum 3+ years of experience with web technologies such as HTML, CSS, JavaScript, and frameworks/libraries like jQuery, Axios, or Ext.js
• At least 2+ years of experience in secure coding practices, including input validation, output encoding, authentication, and authorization mechanisms
• Minimum 2+ years of experience working with RESTful APIs and web services, including securing APIs and handling authentication/authorization
• At least 2+ years of experience with application servers such as Apache Tomcat, WebLogic, or JBoss
• Minimum 2+ years of experience in vulnerability management tools (e.g., Fortify, Checkmarx, Veracode, or similar SAST/DAST tools)
• At least 2+ years of experience in debugging and resolving production issues, including HTTP errors and performance bottlenecks
• Minimum 1+ year of experience with security configurations, including CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache control mechanisms
• At least 1+ year of experience working in Agile/Scrum environments, participating in sprint ceremonies and collaborative development

Travel: This position requires 3 days in office either in Charlotte, NC or Jersey City, NJ.
Degree: Bachelors in Computer Science or equivalent work experience

#LI-NorthAmerica