Senior Software Engineer (Profile II)

Description

Job Summary: The Cyber Solutions is seeking a Senior Software Engineer, Java Security Analyst, or Senior Java Backend Developer with a DevSecOps focus to mitigate vulnerabilities and update libraries. Key Highlights: 1. Application remediation (AppSec Engineer) 2. Focus on mitigating transitive vulnerabilities 3. Culture grounded in ethics, love, purpose, and evolution Cyber Solutions is a technology company passionate about innovation and digital transformation. We operate as a **Software Factory** and **IT Professional Body Shop**, delivering **intelligent** and **customized solutions** across multiple sectors, including **Retail**, **Industry**, and **Insurance**. **About Us** Founded in 1999, we grew rapidly by combining creativity and engineering to develop impactful technological solutions. Our **mission** is to **transform lives**, guided by **transparency**, **enthusiasm**, and an unwavering drive for **evolution**. **Our Culture and Values** At Cyber Solutions, we believe people are our greatest asset. We operate guided by principles that strengthen our team and accelerate our growth: * **God:** Our foundation is rooted in ethics, love, and purpose. * **People:** We value respect, empathy, and collaboration. * **Action:** We act with determination to create impact. * **Excellence:** Quality and dedication are in our DNA. * **Evolution:** We continuously learn and innovate. * **Results:** Our focus is delivering solutions that truly transform. **We Are Growing!** We are looking for a Senior Software Engineer with solid experience in development for application remediation (AppSec Engineer), a Java Security Analyst, or a Senior Java Backend Developer with a DevSecOps orientation. **Responsibilities** Library Updates: Modify pom.xml to use secure versions, performing \"patching\" of legacy libraries. * Mitigation of Transitive Vulnerabilities: Resolve vulnerabilities in libraries not declared directly but brought in by other dependencies. * Impact Analysis: Assess whether updating a library will introduce \"breaking changes\" (compatibility breaks) in existing code. **Behavioral Requirements (Soft Skills)** * Analytical thinking to identify vulnerabilities and perform root cause analysis * Attention to detail, especially when reviewing dependencies, code, and security risks * Critical thinking to evaluate technical impacts (e.g., breaking changes) before implementing changes * Proactivity in identifying and mitigating security risks * Technical responsibility and rigor when performing fixes affecting critical systems * Risk- and impact-based decision-making capability * Organization and methodology to manage multiple dependencies and complex environments * Collaboration with development, security, and architecture teams * Clear communication to explain vulnerabilities and technical impacts to the team * Commitment to continuous improvement in security practices (DevSecOps) * Adaptability to work with legacy systems and varying levels of security maturity * Ownership mindset regarding application security and stability **Desired Technical Requirements (Hard Skills)** Java/JVM Proficiency: Deep knowledge of the Java platform, understanding how libraries are loaded and how code-level vulnerabilities (e.g., code injection, insecure deserialization) manifest. * Dependency Management (Maven/Gradle): Expertise in pom.xml, capable of analyzing dependency trees (mvn dependency:tree), identifying transitive dependencies, forcing versions (), and excluding vulnerable libraries.