Node.js Developer

Kforce has a client that is seeking a Node.js Developer in Chicago, IL. Overview: The security engineer designs, implements, and maintains systems and networks to protect an organization's data and infrastructure from cyber threats. Key duties include conducting vulnerability assessments, responding to security incidents, managing access controls, developing security policies, and staying current with emerging threats and technologies. The developer will also develop and deliver quality solutions using Node.js, REST, NoSQL, and other web technologies. The candidate will work with minimum technical supervision and supplemental engineering support. They will also design and develop enhancements on new and existing applications using Node.js. Key Responsibilities:

• Analyze and remediate vulnerabilities identified by Wiz and Veracode
• Review Java, Node.js, and SQL code to identify security weaknesses and implement secure coding standards
• Collaborate with developers to patch CVEs in dependencies and third-party libraries
• Apply cloud security best practices for AWS environments, including IAM policies, ECS roles, Lambda permissions, and S3 bucket configurations
• Document remediation steps, provide security guidance, and support continuous vulnerability management

• 5+ experience with Node JS developing APIs (must have), and nice to have knowledge of python, and/or other scripting languages, express.js, next.js
• Experience fixing vulnerabilities in npm dependencies
• Proficient understanding of code versioning tools, such as Git/SVN
• Programming and Code Remediation

• Understanding of SQL query optimization and prevention of injection vulnerabilities
• Familiarity with stored procedures and parameterized queries

• Understand common security flaws (SQL injection, XXE, deserialization, CSRF, etc.)
• Able to implement secure coding practices and patch CVEs in dependencies (Maven)
• Understanding AWS IAM policies, S3 bucket permissions, ECS task roles, and Lambda security
• Ability to interpret Wiz findings and apply least-privilege principles

• Experience integrating Veracode and Wiz scans into CI/CD pipelines (TeamCity, Jenkins, GitHub Actions, etc.)
• Familiarity with dependency management, artifact scanning, and pipeline gating practices
• Java programming experience is nice to have
• Cloud Security (AWS Preferred)