NodeJS Developer with vulnerability - R01560256

About Brillio:

Brillio is one of the fastest growing digital technology service providers and a partner of choice for many Fortune 1000 companies seeking to turn disruption into a competitive advantage through innovative digital adoption. Brillio, renowned for its world-class professionals, referred to as "Brillians", distinguishes itself through their capacity to seamlessly integrate cutting-edge digital and design thinking skills with an unwavering dedication to client satisfaction.
Brillio takes pride in its status as an employer of choice, consistently attracting the most exceptional and talented individuals due to its unwavering emphasis on contemporary, groundbreaking technologies, and exclusive digital projects. Brillio's relentless commitment to providing an exceptional experience to its Brillians and nurturing their full potential consistently garners them the Great Place to Work® certification year after year.

Consultant

Primary Skills:
• AWS Elastic Beanstalk, AWS Lambda, Amazon CloudFront, Amazon API Gateway, AWS Step Function

Specialization:
• AWS Development: Senior Software Development Engineer

Job requirements:
Job Title: Node JS Engineer – Application Security Remediation & Automation
Location: St. Louis, MO/ Dallas TX (Hybrid – 3 days onsite)
Experience Level: 6+ years
Must Have: NodeJS, vulnerability remediation, and security, Java
About the Role
· We are seeking a highly skilled Node Engineer with expertise in secure coding, vulnerability remediation, and security automation.
· The ideal candidate will have hands-on experience remediating vulnerabilities in Java and Node.js applications, with a strong grasp of automation techniques, and a proven ability to leverage Generative AI solutions such as AWS Bedrock to accelerate security workflows.
· This role requires close collaboration with InfoSec, QA, DevOps, and engineering teams to ensure application security posture is proactively strengthened through intelligent automation and continuous improvement.
Key Responsibilities
· Analyze, triage, and remediate vulnerabilities identified via SAST, DAST, and software composition analysis tools such as SonarQube, Veracode, Snyk, and Checkmarx.
· Refactor insecure Java and Node.js codebases to mitigate vulnerabilities such as SQL Injection, XXE, XSS, CSRF, Deserialization, and Authentication flaws.
· Patch and upgrade vulnerable third-party dependencies using Maven/Gradle, and validate post-remediation effectiveness.
· Leverage Generative AI tools (e.g., AWS Bedrock) to build or enhance automation workflows for:
· Auto-remediation of common vulnerability patterns
· Code recommendations and patch generation
· AI-driven security analysis and triage assistance
· Automate vulnerability remediation and validation within CI/CD pipelines, improving security velocity and reducing manual effort.
· Strengthen security configurations in Spring Boot, REST APIs, Node.js services, and Tomcat-based deployments.
· Perform secure code reviews, provide remediation guidance, and promote secure coding best practices across development teams.
· Collaborate with InfoSec and DevOps teams to validate fixes, perform re-scans, and close vulnerability tickets.
· Stay current on security advisories, OWASP Top 10, CWE/SANS 25, and Java/Tomcat ecosystem updates.
Required Skills
· Strong hands-on experience with Core Java, Spring Boot, Tomcat, and REST API development.
· Proficiency in secure coding principles and application vulnerability remediation.
· Experience remediating issues identified by tools like Veracode, Checkmarx, SonarQube, or Snyk.
· Knowledge of dependency management and patching practices using Maven or Gradle.
· Familiarity with Node.js security configurations and remediation techniques.
· Experience with OAuth2/JWT, input validation, encryption, and secure session management.
· Understanding of Docker, Kubernetes, and security considerations in cloud-native applications.
Preferred Qualifications
· Experience with automating vulnerability remediation using GenAI platforms (e.g., AWS Bedrock, Amazon CodeWhisperer).
· Exposure to DevSecOps pipelines, including automated security scans and policy enforcement.
· Strong understanding of Spring Security, secure API design, and infrastructure hardening.
· Certifications such as CEH, CSSLP, GSSP-Java, or similar are a plus.
Soft Skills
· Strong analytical, debugging, and problem-solving skills.
· Excellent communication and documentation abilities.
· A collaborative mindset with the ability to work across security, development, and operations teams.
· Self-motivated and proactive in driving secure development practices and automation.

Know what it’s like to work and grow at Brillio: Click here