AI Summary
Analyze and remediate vulnerabilities in custom applications and open-source libraries, focusing on Java and JavaScript. Set up and operate application security testing processes in line with technical architecture and security policies.
Key Highlights
Analyze and remediate vulnerabilities
Set up and operate application security testing processes
Develop and implement remediation and risk mitigation strategies
Technical Skills Required
Benefits & Perks
Remote work
Contract-to-Hire
6+ month duration
Job Description
Job Summary – Software And Application Security Engineer (Xpanse)
- Role: Sr. Software Engineer / Application Security Specialist
- Location: Fully Remote (Lake Mary, FL preferred)
- Type: 6+ month Contract-to-Hire
- Industry: IT Software & Platform Engineering
- Analyze and remediate vulnerabilities in custom applications and open-source libraries, focusing on Java and JavaScript.
- Set up and operate application security testing processes in line with technical architecture and security policies.
- Identify, assess, and prioritize high-risk open-source components in the codebase.
- Develop and implement remediation and risk mitigation strategies for identified vulnerabilities.
- Conduct security reviews, provide technical designs, and drive innovative security solutions.
- Coach engineering teams on secure coding practices, code refactoring, patching, and dependency management.
- Recommend engineering design changes to reduce vulnerabilities.
- Administer and configure security tools, and document secure configurations.
- Serve as a security consultant and advisor for development teams throughout the software delivery lifecycle.
- Build partnerships with engineering, architecture, and security teams to mature secure coding practices.
- Stay informed about emerging threats, vulnerabilities, and mitigation measures in application security.
- Communicate security risks and remediation plans to stakeholders.
- Integrate with defined development, delivery, and change management processes.
- Serve as a thought leader and influencer within the enterprise for security standards and practices.
- Strong application security background and hands-on software development experience (Java/JavaScript).
- Proficient in application security testing, software composition analysis, and remediation.
- Deep understanding of web, cloud, and container security (tools, scanning, risk evaluation).
- Familiarity with OWASP, WASC, CWE, CVE, and other vulnerability standards.
- Experience with Sonatype, Qualys, SonarQube, AWS Inspector, and other security tools.
- Knowledge of DevOps/DevSecOps, code repository management, and AWS cloud services.
- Proficient in Java, JavaScript, Python; working knowledge of GitHub, Docker, Terraform, AWS ECS/EKS/Lambda.
- Strong analytical, problem-solving, and communication skills.
- Ability to coach, influence, and collaborate with development, architecture, and security teams.
- Bachelor’s degree in Computer Science/Engineering; AWS and security certifications preferred.
- Mortgage industry experience is a plus.
- Implement and manage secure coding practices across development teams.
- Conduct code vulnerability analysis and remediation (Java/JavaScript focus).
- Develop security roadmaps, architecture diagrams, and dashboards for posture improvement.
- Lead POCs for security tools and recommend best-fit solutions.
- Collaborate with CISO/security leadership on security strategy.
- Software engineer background (Java preferred), transitioned into application security.
- Strong in secure coding, security frameworks, and cloud security.
- Able to translate technical security risks into actionable, developer-friendly guidance.
- Leadership experience with small teams and security initiatives.
- Bonus: AI security experience.
- Positive, proactive, and eager to learn new technologies.
- Creative thinker with ability to challenge status quo.
- Excellent communicator, able to explain technical concepts to non-technical audiences.