Elite Technical is seeking a Java Software Developer, with in-depth knowledge of Java technologies, Spring Framework and API-s in order to achieve maximum application, data and network security within the applications development team. We are seeking a Java SW Developer with basic software application security knowledge to identify input validation, input vulnerabilities, & Query Parametrization to ensure the source code within their applications development team is secured, and report/eliminate any threats to the environment. Some responsibilities include:

- Provide secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
- Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing and operationalize security tools for integration with CI/CD.
- Explains and interprets the vulnerability report items to development staff.
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.

Our customer is a Federal Healthcare Insurance organization based in Washington DC (this position is 100% remote but will return to DC office in the near term. Selected candidate must accept this requirement to be considered). Please contact Elite Technical immediately to learn more about this long term contract opportunity

Required Skills

- Bachelors Degree in IT related or the equivalent combination of education, training or experience
- Five (5) years of Java Software Programming, along with Spring Framework and API experience.
-Basic knowledge around SW Application Vulnerability best practices. Basic knowledge of any of the following Static Application Security Testing Tools: Fortify SCA, CheckMarx, AppScan, SonarCube. Basic knowledge around Secure Code Review (Input Validation, Query Parametrization, Error Handling, Session Management, Cryptography, etc.)
- Knowledge in security frameworks such as OWASP
-Basic experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, static and dynamic analysis and penetration testing.
- Demonstrated successful use of AGILE methodology