NodeJS Developer with vulnerability
Ref No.: 26-00162
Location: St. Louis, Missouri
Position Type: Contract
Job Title: NodeJS Developer with vulnerability
Location: St. Louis, MO (Hybrid)
Contract Role
  • Must Have: NodeJS, vulnerability remediation, and security, Java

Primary Skills
  • AWS Elastic Beanstalk, AWS Lambda, Amazon CloudFront, Amazon API Gateway, AWS Step Function

Specialization
  • AWS Development: Senior Software Development Engineer

About the Role
  • We are seeking a highly skilled Node Engineer with expertise in secure coding, vulnerability remediation, and security automation.
  • The ideal candidate will have hands-on experience remediating vulnerabilities in Java and Node.js applications, with a strong grasp of automation techniques, and a proven ability to leverage Generative AI solutions such as AWS Bedrock to accelerate security workflows.
  • This role requires close collaboration with InfoSec, QA, DevOps, and engineering teams to ensure application security posture is proactively strengthened through intelligent automation and continuous improvement.

Key Responsibilities
  • Analyze, triage, and remediate vulnerabilities identified via SAST, DAST, and software composition analysis tools such as SonarQube, Veracode, Snyk, and Checkmarx.
  • Refactor insecure Java and Node.js codebases to mitigate vulnerabilities such as SQL Injection, XXE, XSS, CSRF, Deserialization, and Authentication flaws.
  • Patch and upgrade vulnerable third-party dependencies using Maven/Gradle, and validate post-remediation effectiveness.
  • Leverage Generative AI tools (e.g., AWS Bedrock) to build or enhance automation workflows for:
      • Auto-remediation of common vulnerability patterns
      • Code recommendations and patch generation
      • AI-driven security analysis and triage assistance
  • Automate vulnerability remediation and validation within CI/CD pipelines, improving security velocity and reducing manual effort.
  • Strengthen security configurations in Spring Boot, REST APIs, Node.js services, and Tomcat-based deployments.
  • Perform secure code reviews, provide remediation guidance, and promote secure coding best practices across development teams.
  • Collaborate with InfoSec and DevOps teams to validate fixes, perform re-scans, and close vulnerability tickets.
  • Stay current on security advisories, OWASP Top 10, CWE/SANS 25, and Java/Tomcat ecosystem updates.

Required Skills
  • Strong hands-on experience with Core Java, Spring Boot, Tomcat, and REST API development.
  • Proficiency in secure coding principles and application vulnerability remediation.
  • Experience remediating issues identified by tools like Veracode, Checkmarx, SonarQube, or Snyk.
  • Knowledge of dependency management and patching practices using Maven or Gradle.
  • Familiarity with Node.js security configurations and remediation techniques.
  • Experience with OAuth2/JWT, input validation, encryption, and secure session management.
  • Understanding of Docker, Kubernetes, and security considerations in cloud-native applications.

Preferred Qualifications
  • Experience with automating vulnerability remediation using GenAI platforms (e.g., AWS Bedrock, Amazon CodeWhisperer).
  • Exposure to DevSecOps pipelines, including automated security scans and policy enforcement.
  • Strong understanding of Spring Security, secure API design, and infrastructure hardening.
  • Certifications such as CEH, CSSLP, GSSP-Java, or similar are a plus.

Soft Skills
  • Strong analytical, debugging, and problem-solving skills.
  • Excellent communication and documentation abilities.
  • A collaborative mindset with the ability to work across security, development, and operations teams.
  • Self-motivated and proactive in driving secure development practices and automation.