Job Summary
Role Summary
Drive systematic remediation of security vulnerabilities across Java microservices with focus on CVE triage, root-cause fixes, and dependency hardening.
Key Responsibilities
Key Responsibilities
- Triage and remediate critical/high CVEs across 30+ Java microservices
- Perform root-cause analysis and implement minimal, well-tested fixes
- Harden vulnerable areas: injection, authentication gaps, secrets, dependencies
- Manage Maven multi-module dependency upgrades while ensuring stability
- Collaborate with tech leads for secure code reviews and validations
- Maintain CVE suppression registry with clear rationale
- Contribute to security incident post-mortems and reusable patterns
Skill Requirements
Required Skills
- 3+ years in Java (17+) backend development
- Strong Maven dependency management (multi-module)
- Experience resolving transitive dependency conflicts (BOMs, exclusions)
- Ability to interpret CVE advisories and assess exploitability
- Understanding of OWASP Top 10 (Java context)
- Exposure to GitLab CI/CD pipelines and security scans
- Experience working across multiple codebases
Other Requirements
Good to Have
- JAX-RS / Jersey / Quarkus
- JPA / Hibernate upgrade experience
- Container security basics
- SAST tools (SonarQube, SpotBugs) or GitLab Dependency Scanning
Ideal Profile
Hands-on engineer with strong debugging skills who can balance security rigor and delivery impact in a microservices ecosystem.