Java Developer (Application Security) (hybrid)

NTT DATA Corporation

Charlotte, United States of America

yesterday

Role details

Contract type

Permanent contract

Employment type

Full-time (> 32 hours)

Working hours

Regular working hours

Languages

English

Experience level

Intermediate

Job location

Charlotte, United States of America

Tech stack

HTML

Java

JavaScript

API

Agile Methodologies

Software System Penetration Testing

User Authentication

CSS

Code Review

Encodings

Cross-Site Request Forgery

Data Validation

Software Debugging

Online Banking

Java Platform Enterprise Edition (J2EE)

jQuery

Scrum

Secure Coding

Web Application Security

Session Management

Web Applications

Software Security

Cross-Site Scripting (XSS)

Backend

Web Technologies

Front End Software Development

Vulnerability Analysis

Job description

Design, develop, and maintain secure Java/J2EE-based applications, ensuring adherence to enterprise security standards and best practices.
Identify, analyze, and remediate application security vulnerabilities such as XSS, CSRF, session fixation, IDOR, and path traversal issues.
Perform regular code reviews and security assessments to detect code smells, insecure patterns, and misconfigurations.
Collaborate with security teams to triage and resolve findings from vulnerability scans, penetration testing, and security audits.
Implement secure coding practices, including input validation, output encoding, and proper authentication/authorization mechanisms.
Update and manage third-party libraries (e.g., Axios, jQuery, Ext.js), ensuring no outdated or vulnerable versions are in use.
Configure and enforce web security controls such as CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache directives.
Debug and resolve issues related to HTTP errors (e.g., 500 errors), session management, and application behavior inconsistencies.
Work closely with frontend and backend teams to ensure consistency in validation and prevent security gaps between UI and server-side logic.
Analyze and secure APIs, including TPP/Open Banking integrations, ensuring proper authentication and data protection.
Participate in sprint planning, daily stand-ups, and backlog grooming with Agile teams to prioritize security and development tasks.
Document security fixes, technical designs, and remediation steps for knowledge sharing and audit readiness.
Support production releases, perform root cause analysis for incidents, and implement preventive measures.
Continuously research emerging security threats and recommend improvements to strengthen application security posture.

Requirements

5+ years of experience in Java/J2EE development, including building and maintaining enterprise-level web applications.
3+ years of hands-on experience in application security, including identifying and remediating vulnerabilities such as XSS, CSRF, IDOR, and session-related issues.
3+ years of experience with web technologies such as HTML, CSS, JavaScript, and frameworks/libraries like jQuery, Axios, or Ext.js.
2+ years of experience in secure coding practices, including input validation, output encoding, authentication, and authorization mechanisms.

About the company

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.