Job Summary
Role Summary
Own end-to-end security across frontend and backend stacks by driving CVE remediation, secure coding practices, and full-stack hardening.
Key Responsibilities
Key Responsibilities
- Triage and remediate CVEs across frontend (pnpm/npm) and backend (Java/Maven)
- Perform root-cause analysis and implement well-tested fixes across the stack
- Harden vulnerabilities: XSS, CSRF, injection, secrets exposure, broken authentication, IDOR
- Extend GitLab security scanning to frontend build artefacts
- Collaborate with tech leads on security-sensitive code reviews
- Handle minor full-stack bugfixes to maintain delivery velocity
- Contribute to security incident post-mortems and documentation
Skill Requirements
Required Skills
- Strong experience in Java and TypeScript/JavaScript
- Hands-on experience with Vue 3/Nuxt or comparable frontend frameworks
- Understanding of web security: XSS, CSRF, injection, auth, dependency risks, secrets management
- Ability to interpret CVE advisories and implement fixes
- Knowledge of container security (Docker, Kubernetes basics)
- Experience with Git, GitLab CI/CD pipelines, Maven and pnpm
- Structured problem-solving with good documentation practices
Other Requirements
Good to Have
- Vuetify component library experience
- SAST/DAST tools (Snyk, SonarQube, OWASP ZAP)
- Content Security Policy (CSP) configuration
- pnpm workspace experience
Ideal Profile
Versatile full-stack engineer with strong security mindset, capable of balancing secure coding practices with rapid delivery across modern web and backend architectures.