Java/Scala Developer
Description
The contractor will:
· Review findings identified by our Application Security team alongside the Clearing development lead, and develop a clear understanding of the vulnerability pattern and its root cause
· Design and implement code fixes with an emphasis on consistent, repeatable solutions where the same vulnerability pattern appears in multiple locations
· Write or update unit and integration tests to validate fixes and prevent regression
· Follow existing coding standards and participate in code review with the development lead prior to merge
The vulnerability categories in scope span authentication and authorization controls, transport security, secrets handling, input validation, and related secure coding domains.
TECHNICAL PROFILE
Qualifications:
· 5+ years of Java software development experience
· 3+ years of Scala software development experience
· 2+ years AKKA development experience
· Experience working with Kafka
· Experience working with Postgres
· Experience with writing unit tests
Preferred Qualifications:
· Hands-on experience remediating application security findings (e.g., from SAST tools or penetration test reports)
· Packaged application integration experience, including knowledge of and the ability to implement packaged application software and integrate it with technology platforms
· Familiarity with transport security configuration (TLS/SSL) and secrets management in JVM-based services
· Experience with JWT / OAuth 2.0 in a JVM context
· Familiarity with CI/CD pipelines and security controls within build tooling
Technical Skills:
· Solid understanding of JVM internals and interoperability between Scala and Java
· Familiarity with secure coding practices and common vulnerability classes (OWASP Top 10)
· Knowledge of AWS and Kubernetes
· Experience with Docker
· Experienced in functional programming, and event driven programing
· Familiarity with Actor model
This contractor will not be working independently – they will be paired with our Clearing development lead and Application Security team to review findings, confirm fix approaches, and implement changes in accordance with existing coding standards.