Role Overview:
Java + Adobe, Salesforce, and Oracle. All resources should be L3 or L4 level, as L1/L2 engineers lack knowledge on code fixes.
Highly skilled and security-focused Code Remediation Engineer with deep expertise in Java Full Stack development, cloud security tools, and enterprise platforms. This role is central to identifying, fixing, and preventing security vulnerabilities across complex application ecosystems. The ideal candidate will be hands-on in writing secure code, remediating legacy issues, and collaborating across teams to uplift the security posture of enterprise applications.
Responsibilities:
- Analyze and remediate security vulnerabilities in Java-based full stack applications.
- Refactor insecure or deprecated code patterns to align with secure coding standards.
- Develop and deploy secure code fixes while maintaining application functionality and performance.
- Utilize tools such as Azure Defender, PRISMA Compute, AWS Inspector, and GCP Security Command Center to detect and respond to security threats.
- Integrate cloud-native security controls into application development and deployment pipelines.
- Embed security checks into CI/CD workflows using GitHub Advanced Security, CodeQL, and other tools.
- Automate remediation pipelines and enforce policy-as-code for consistent security enforcement.
- Apply remediation strategies across niche platforms such as Salesforce, Adobe, Oracle, Viva, Pega, IBA, and others.
- Collaborate with platform-specific teams to ensure secure integration and data handling.
- Work closely with application owners, architects, and security teams to prioritize and implement fixes.
- Document remediation efforts, root cause analysis, and secure development guidelines.
Qualifications:
- 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular).
- Proven experience in code remediation and secure development practices.
- Hands-on experience with cloud security tools across Azure, AWS, and GCP.
- Familiarity with GitHub Advanced Security, CodeQL, and CI/CD pipelines.
- Exposure to one or more enterprise platforms (e.g., Salesforce, Adobe, Oracle, Pega).
- Strong understanding of OWASP Top 10, secure coding principles, and threat modeling.
- Excellent problem-solving, debugging, and communication skills.
- Experience with containerized environments (Docker, Kubernetes).
Optional:
- Certifications in cloud security (e.g., AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer).
- Knowledge of infrastructure-as-code (Terraform, ARM, CloudFormation).
