Node.js Engineer – Application Security Remediation

Node.js Engineer Application Security Remediation

About the Role

We are looking for a skilled Node.js Engineer with a strong foundation in application security and secure coding practices. The primary focus of this role is to identify, analyze, and fix vulnerabilities within our existing Node.js applications.

You will collaborate with our InfoSec, architecture, and DevOps teams to remediate security gaps, refactor insecure code, and strengthen the overall security posture of our products.

Key Responsibilities

• Identify, triage, and remediate vulnerabilities detected through SAST, DAST, and dependency scanning tools (e.g., Snyk, SonarQube, Checkmarx, OWASP ZAP).
• Apply secure coding principles and implement fixes for issues like XSS, CSRF, SQL Injection, SSRF, and command injection.
• Refactor and harden existing Node.js / Express.js APIs for improved security and performance.
• Update and manage dependencies to address known vulnerabilities using npm audit, Snyk, or similar tools.
• Collaborate with the Security and QA teams to validate patches and verify that vulnerabilities have been fully resolved.
• Improve CI / CD pipelines to automate vulnerability scans and security checks.
• Document changes, maintain audit trails, and support re-scans post-fix validation.
• Stay updated with Node.js security advisories, OWASP Top 10, and emerging threats.

Required Skills

Preferred Qualifications

Soft Skills

Note : Momento USA is an Equal Opportunity / Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.