Node.js Engineer Application Security Remediation

Overview

On Site
Accepts corp to corp applications
Contract - Contract

Skills

Node.js Engineer

Job Details

Job Title: Node.js Engineer Application Security Remediation
Location: Dallas, TX - St Loius, NJ

About the Role:

We are looking for a skilled Node.js Engineer with a strong foundation in application security and secure coding practices. The primary focus of this role is to identify, analyze, and fix vulnerabilities within our existing Node.js applications.

You will collaborate with our InfoSec, architecture, and DevOps teams to remediate security gaps, refactor insecure code, and strengthen the overall security posture of our products.

Key Responsibilities:

  • Identify, triage, and remediate vulnerabilities detected through SAST, DAST, and dependency scanning tools (e.g., Snyk, SonarQube, Checkmarx, OWASP ZAP).
  • Apply secure coding principles and implement fixes for issues like XSS, CSRF, SQL Injection, SSRF, and command injection.
  • Refactor and harden existing Node.js/Express.js APIs for improved security and performance.
  • Update and manage dependencies to address known vulnerabilities using npm audit, Snyk, or similar tools.
  • Collaborate with the Security and QA teams to validate patches and verify that vulnerabilities have been fully resolved.
  • Improve CI/CD pipelines to automate vulnerability scans and security checks.
  • Document changes, maintain audit trails, and support re-scans post-fix validation.
  • Stay updated with Node.js security advisories, OWASP Top 10, and emerging threats.

Required Skills:

  • Strong proficiency in Node.js, Express.js, and JavaScript/TypeScript.
  • Experience with REST APIs, OAuth2/JWT, and secure session management.
  • Deep understanding of web application vulnerabilities and mitigation strategies.
  • Familiarity with Docker security, Linux hardening, and AWS cloud environments
  • Hands-on experience integrating security scans into CI/CD pipelines (Jenkins, GitHub Actions).

Preferred Qualifications:

  • Exposure to microservices architecture and API gateway security.
  • Knowledge of OWASP ASVS, CWE standards, or threat modeling frameworks.
  • Familiarity with DevSecOps practices.
  • Security-related certifications (e.g., CEH, CSSLP, OWASP Practitioner) are a plus.

Soft Skills:

  • Excellent problem-solving and debugging skills.
  • Strong collaboration with cross-functional engineering and InfoSec teams.
  • Proactive and detail-oriented mindset focused on secure and scalable code.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.