DeveloperJobs.io

Job Description

NTT Ltd is seeking a Sr. Java Developer in Charlotte, North Carolina, with a primary focus on application security. This full-time hybrid role centers on building and maintaining secure Java/J2EE applications while partnering with security teams to remediate vulnerabilities.

Responsibilities

  • Architect, implement, and sustain secure Java/J2EE applications, aligning with enterprise security standards and best practices.
  • Detect and remediate vulnerabilities such as XSS, CSRF, session fixation, IDOR, and path traversal.
  • Conduct routine code reviews and security assessments to identify insecure patterns, code smells, and misconfigurations.
  • Coordinate with security teams to triage and resolve findings from vulnerability scans, penetration testing, and security audits.
  • Apply secure coding practices, including input validation, output encoding, and robust authentication and authorization.
  • Manage third-party libraries (Axios, jQuery, Ext.js), ensuring dependencies are up to date and free from vulnerabilities.
  • Configure web security controls such as CSP headers, HttpOnly/Secure/SameSite cookies, and cache directives.
  • Diagnose and fix issues related to HTTP errors, session management, and inconsistent application behavior.
  • Collaborate with frontend and backend teams to align validation across UI and server logic, reducing security gaps.
  • Evaluate and secure APIs, including TPP/Open Banking integrations, with proper authentication and data protection.
  • Participate in Agile ceremonies (sprint planning, standups, backlog grooming) to prioritize security and development tasks.
  • Document security fixes, technical designs, and remediation steps to support knowledge sharing and audits.
  • Support production releases, perform root cause analyses for incidents, and implement preventive measures.
  • Continuously monitor emerging threats and propose improvements to strengthen the application's security posture.

Requirements

  • At least five years of Java/J2EE development experience, including building and maintaining enterprise-grade web applications.
  • A minimum of three years of hands-on experience in application security, addressing XSS, CSRF, IDOR, and session-related issues.
  • Three or more years working with web technologies (HTML, CSS, JavaScript) and libraries such as jQuery, Axios, or Ext.js.
  • Two or more years applying secure coding practices, including input validation, output encoding, and authentication/authorization mechanisms.
  • Two or more years with RESTful APIs and web services, focusing on API security and authentication/authorization.
  • Two or more years with application servers such as Apache Tomcat, WebLogic, or JBoss.
  • Two or more years using vulnerability management tools (Fortify, Checkmarx, Veracode, or similar SAST/DAST tools).
  • Two or more years debugging and resolving production issues, including HTTP errors and performance bottlenecks.
  • One or more years configuring security controls, including CSP headers, secure cookies, and cache control mechanisms.
  • One or more years working in Agile/Scrum environments, participating in sprint ceremonies and collaborative development.

Technologies

  • Java
  • Java/J2EE
  • HTML
  • CSS
  • JavaScript
  • jQuery
  • Axios
  • Ext.js
  • Apache Tomcat
  • WebLogic
  • JBoss
  • Fortify
  • Checkmarx
  • Veracode
