Java Developer (Application Security) (hybrid)

NTT DATA Services, Charlotte, NC
Hybrid

About The Position

We are currently seeking a Java Developer (Application Security) to join our team in Charlotte, NC (hybrid). This role involves designing, developing, and maintaining secure Java/J2EE-based applications, ensuring adherence to enterprise security standards and best practices. The developer will identify, analyze, and remediate application security vulnerabilities, perform code reviews and security assessments, and collaborate with security teams to resolve findings from various security testing methods. The position requires implementing secure coding practices, managing third-party libraries, configuring web security controls, and debugging security-related issues. Collaboration with frontend and backend teams, securing APIs, and participating in Agile ceremonies are also key aspects of this role. Additionally, the developer will document security fixes, support production releases, and research emerging security threats to enhance the application security posture.

Requirements

  • 5+ years of experience in Java/J2EE development, including building and maintaining enterprise-level web applications.
  • 3+ years of hands-on experience in application security, including identifying and remediating vulnerabilities such as XSS, CSRF, IDOR, and session-related issues.
  • 3+ years of experience with web technologies such as HTML, CSS, JavaScript, and frameworks/libraries like jQuery, Axios, or Ext.js.
  • 2+ years of experience in secure coding practices, including input validation, output encoding, authentication, and authorization mechanisms.

Responsibilities

  • Design, develop, and maintain secure Java/J2EE-based applications, ensuring adherence to enterprise security standards and best practices.
  • Identify, analyze, and remediate application security vulnerabilities such as XSS, CSRF, session fixation, IDOR, and path traversal issues.
  • Perform regular code reviews and security assessments to detect code smells, insecure patterns, and misconfigurations.
  • Collaborate with security teams to triage and resolve findings from vulnerability scans, penetration testing, and security audits.
  • Implement secure coding practices, including input validation, output encoding, and proper authentication/authorization mechanisms.
  • Update and manage third-party libraries (e.g., Axios, jQuery, Ext.js), ensuring no outdated or vulnerable versions are in use.
  • Configure and enforce web security controls such as CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache directives.
  • Debug and resolve issues related to HTTP errors (e.g., 500 errors), session management, and application behavior inconsistencies.
  • Work closely with frontend and backend teams to ensure consistency in validation and prevent security gaps between UI and server-side logic.
  • Analyze and secure APIs, including TPP/Open Banking integrations, ensuring proper authentication and data protection.
  • Participate in sprint planning, daily stand-ups, and backlog grooming with Agile teams to prioritize security and development tasks.
  • Document security fixes, technical designs, and remediation steps for knowledge sharing and audit readiness.
  • Support production releases, perform root cause analysis for incidents, and implement preventive measures.
  • Continuously research emerging security threats and recommend improvements to strengthen application security posture.