$130,000 - $212,500 Annual

Princeton, New Jersey

See The Original Here

$130,000 - $212,500 Annual

Who We are Looking For

This role will be member of the Global Infrastructure Operations Continuous Service Improvement (CSI) team as part of 24*7*365 Production Management organization. An organization that delivers highly secure, reliable, efficient infrastructure technology operations services that are focused on the needs of all State Street business. Responsible for delivering continuous improvement across various infrastructure operations towers by supporting the ITIL framework to improve processes, which ultimately improve our business.

We are seeking a skilled Java Vulnerability Lead to join our team, responsible for identifying, assessing, and mitigating vulnerabilities within Java-based applications and environments. The ideal candidate will have a strong background in Java development, familiarity with security principles, and experience in vulnerability assessment and remediation.

What you will be responsible for

The right person for this role will have a strong track record of program management experience, the demonstrated ability to deliver multiple high priority projects simultaneously, the ability to drive alignment across teams with competing priorities and be a strong advocate for risk management.

Job Responsibilities

  • Conduct regular assessments of Java-based applications and systems to identify vulnerabilities, security flaws, and misconfigurations.
  • Analyze security advisories, patches, and updates related to Java frameworks, libraries, and runtime environments.
  • Collaborate with development teams to prioritize and remediate identified vulnerabilities in a timely manner.
  • Develop and maintain tools, scripts, and processes to automate vulnerability scanning, assessment, and mitigation tasks.
  • Perform code reviews and static analysis of Java code to identify security vulnerabilities and coding best practices violations.
  • Stay up-to-date with emerging threats, attack vectors, and security trends affecting Java applications and environments.
  • Provide guidance and recommendations to development teams on secure coding practices, encryption, authentication, and access control mechanisms.
  • Work closely with system administrators, network engineers, and other stakeholders to ensure the overall security posture of Java-based systems.
  • Monitor security forums, mailing lists, and vulnerability databases to stay informed about newly discovered vulnerabilities and potential exploits.
  • Participate in incident response activities and security assessments to identify and address security incidents and breaches involving Java applications.
  • Individual will play a direct role in vendor management, overseeing the scheduling and implementation of the patching activities across all platforms.
  • Support and Drive remediation of cyber risks identified by Global Cyber Security, Corporate Audit, Technology Risk Management and Regulators.
  • Participate in engineering and technical solutioning to strengthen controls and improve effectiveness of the Patching & Compliance Program.
  • Participate in the continuous improvement of the existing and the development of new automation solutions to enhance effectiveness of the program.
  • Ensure the Patching & Compliance Program satisfies all Internal & External Regulatory and Compliance standards
  • Support Regulatory and Audit inquiries providing insight to the Patching & Compliance Program and detailed evidence when requested.
  • Provide Information Technology risk management and compliance support to ensure effective identification, measurement, control and management of the relevant risks
  • Identify and manage IT risk by maintaining effective internal controls and escalating as appropriate any deficiencies to management and/or applicable technology governance boards.
  • Drive Continuous Service Improvement by looking at lesson learns and gap analysis and implement improvement plans to document, update and improve daily operation procedures
  • Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and other cyber security teams
  • Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives
  • Track and monitor key milestones or after significant change in the environment to identify network, infrastructure, and configuration vulnerabilities
  • Perform ad-hoc data remediation, clean-ups, and reporting using large complex data sets for high-priority security remediations

What we value

  • Bachelors degree in computer science, information technology, or related field.
  • 10+ years of experience in Java development, with a focus on security vulnerability analysis and remediation.
  • Ability to effectively coordinate and communicate between technical teams and business stakeholders with varying technical proficiencies
  • Strong understanding of Java programming language, JVM internals, and common Java frameworks (e.g., Spring, Hibernate).
  • Familiarity with security assessment tools and methodologies, such as static analysis tools, dynamic application security testing (DAST), and penetration testing.
  • Knowledge of secure coding practices, cryptography, authentication mechanisms, and web application security principles.
  • Excellent analytical and problem-solving skills with the ability to prioritize and manage multiple tasks in a fast-paced environment.
  • Effective communication skills with the ability to collaborate across teams and convey technical information to non-technical stakeholders.
  • Industry certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or GIAC Secure Software Programmer (GSSP-JAVA) are a plus.

This position offers the opportunity to play a critical role in ensuring the security and integrity of our Java-based applications and systems. If you are passionate about Java security and possess the technical expertise to identify and address vulnerabilities effectively, we encourage you to apply.

Salary Range

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.