We are seeking a hands-on Software Security Engineer to move beyond simple analysis and take ownership of fixing vulnerabilities. In this role, you will act as the primary remediation expert, diving into the code to resolve security flaws across a diverse landscape of applications. You won't just report the bug; you will refactor the code, secure the database, and harden the server configuration.
Key Responsibilities
* Hands-On Remediation: Directly implement code fixes for OWASP Top 10 vulnerabilities (XSS, SQL Injection, CSRF) across a hybrid stack of legacy and modern applications.
* Polyglot Development: Analyze and patch code in Classic ASP, Perl, ASP.NET (C#), Java, and React.
* Database Hardening: Refactor SQL queries to eliminate injection risks and improve database security standards.
* Infrastructure Security: Configure and secure IIS environments by applying security headers, disabling insecure modules, and enforcing HTTPS.
* Collaborative Verification: Work closely with QA and Security teams to verify fixes through static/dynamic scanning and manual testing.
The Technical Stack (Must Have)
* Legacy: Classic ASP, Perl.
* Modern: ASP.NET (C#), Java, JavaScript, React.
* Database: MS SQL Server (Writing and refactoring queries).
* Server: IIS Configuration & Hardening.
Required Qualifications
* 5+ years of experience in software development with a heavy focus on code remediation or application security.
* Proven ability to read, analyze, and fix code in both legacy languages (ASP/Perl) and modern frameworks (React/.NET).
* Deep understanding of the OWASP Top 10 and how to resolve these vulnerabilities at the code level.
* Experience configuring IIS for maximum security.
Desired:
* Experience in the Healthcare industry.