Lead JavaScript Developer / Security SME - 100% REMOTE!

Our premier financial client is seeking a Lead JavaScript Developer [ Security SME ] with Node.JS, AWS to

• JavaScript Developer with Node.js, AWS cloud is a big plus.
• Java and SQL are pluses
• Security SME, deep knowledge of user level web application security.
• Knows script patterns and user auth, SSO, OAuth, cryptography they will analyze reports from audits and lead/provide solutions, when there are incidents they will lead the response.
• This is 100% hands on leadership Web Developer role but someone who can also handle the security.

• Actively design and implement significant and complex payment system on a day-to-day basis.
• Own application and subsystem qualities - reliability, scalability, maintainable, security and testability
• Lead and support team members practices in compliance with data security standards and policies
• Provide technical and domain guidance to engineers as a senior technical resource.
• Develop conceptual and detailed designs for development initiatives and conduct design reviews with management and development teams
• Conduct code reviews and mentor/direct developers as required
• Provide training for application development and support teams on product functions, techniques, DevOps, and other application frameworks including promoting best engineering practice.
• Provides technical support to project team members.
• Author detailed design and tech documentation
• Research technologies and provide proof of concept.
• Act as emergency support team as needed.
• Provide oversight for new technology implementation and design.
• Work closely with vendors to implement solutions when needed

• Must have Bachelor's Degree in Computer Science or equivalent field
• Minimum 10 years of experience in software development

• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, PCI, HIPPA, ISO, GDPR, CCPA, etc.

• Expert understanding of secured software development lifecycle, technologies and practice
• In-depth experience designing and architecting secure native cloud web applications
• Strong project experience and hands-on knowledge of web/application-layer security and attack vectors
• Strong working knowledge of OAuth2, Multifactor Authentication (MFA), SSO, SAML, etc.
• Direct knowledge of and experience with OWASP Top 10, SSL/TLS, PKI, and practical cryptography usage
• In-depth working knowledge and hands-on skills with identity management and role-based access
• In-depth hands-on working knowledge of Web, Application and/or Infrastructure Security
• Ability to understand code-level issues and promote secure coding practices for one or more languages like Java, JavaScript, Python, and SQL
• Expert knowledge of web application security testing and automated security testing tools
• Knowledge of threat modeling, static application security testing and dynamic application security testing.
• Lead security code review and provide security guidance to colleagues
• Participate in security audit, assessment, provide mitigation proposals, lead solution implementation
• Experience with tools such as Snyk, Veracode, Fortify, or equivalent
• Ability to manage vendor relationships when needed
• Ability to explain security concepts to non-technical audiences

• IT staffing and placement such as Project Managers, Agile/Scrum Masters, Business Analysts, DBAs, Software Engineers, Mobile Developers (iOS, Android), DevOps, Automation, QA, Systems & Network Engineers, Cyber Security / Information Security Specialists, ERP, CRM, Business Intelligence, Data Warehousing, Big Data and Creative (UI/UX, Web Design)

• Operational staffing and placement of Accounting/Finance, Human Resources, and Marketing professionals, as well as Information Technology resources.