3 Codeql Jobs

Role Overview: Java + Adobe, Salesforce, and Oracle. All resources should be L3 or L4 level, as L1/L2 engineers lack knowledge on code fixes. Highly skilled and security-focused Code Remediation Engineer with deep expertise in Java Full Stack development, cloud security tools, and enterprise platforms. This role is central to identifying, fixing, and preventing security vulnerabilities across complex application ecosystems. The ideal candidate will be hands-on in writing secure code, remediating legacy issues, and collaborating across teams to uplift the security posture of enterprise applications. Responsibilities: Analyze and remediate security vulnerabilities in Java-based full stack applications. Refactor insecure or deprecated code patterns to align with secure coding standards. Develop and deploy secure code fixes while maintaining application functionality and performance. Utilize tools such as Azure Defender , PRISMA Compute , AWS Inspector , and GCP Security Command Center to detect and respond to security threats. Integrate cloud-native security controls into application development and deployment pipelines. Embed security checks into CI/CD workflows using GitHub Advanced Security , CodeQL , and other tools. Automate remediation pipelines and enforce policy-as-code for consistent security enforcement. Apply remediation strategies across niche platforms such as Salesforce , Adobe , Oracle , Viva , Pega , IBA , and others. Collaborate with platform-specific teams to ensure secure integration and data handling. Work closely with application owners, architects, and security teams to prioritize and implement fixes. Document remediation efforts, root cause analysis, and secure development guidelines. Qualifications: 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular). Proven experience in code remediation and secure development practices . Hands-on experience with cloud security tools across Azure, AWS, and GCP. Familiarity with GitHub Advanced Security , CodeQL , and CI/CD pipelines . Exposure to one or more enterprise platforms (e.g., Salesforce, Adobe, Oracle, Pega). Strong understanding of OWASP Top 10 , secure coding principles , and threat modeling . Excellent problem-solving, debugging, and communication skills. Experience with containerized environments (Docker, Kubernetes). Optional: Certifications in cloud security (e.g., AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer). Knowledge of infrastructure-as-code (Terraform, ARM, CloudFormation). Preferred candidate profile

About Position: We are looking Highly skilled and security-focused Code Remediation Engineer with deep expertise in Java Full Stack development, cloud security tools, and enterprise platforms. This role is central to identifying, fixing, and preventing security vulnerabilities across complex application ecosystems. The ideal candidate will be hands-on on Java backend frontend technologies with expertise in writing secure code, remediating legacy issues, and collaborating across teams to uplift the security posture of enterprise applications. Role: Code Developer Location: Pune Experience: 8-15years Job Type: Full Time Employment What You'll Do: Analyze and remediate security vulnerabilities in Java-based full stack applications. Refactor insecure or deprecated code patterns to align with secure coding standards. Develop and deploy secure code fixes while maintaining application functionality and performance. Utilize tools such as Azure Defender, PRISMA Compute, AWS Inspector, and GCP Security Command Center to detect and respond to security threats. Integrate cloud-native security controls into application development and deployment pipelines. Embed security checks into CI/CD workflows using GitHub Advanced Security, CodeQL, and other tools. Automate remediation pipelines and enforce policy-as-code for consistent security enforcement. Apply remediation strategies across niche platforms such as Salesforce, Adobe, Oracle, Viva, Pega, IBA, and others. Collaborate with platform-specific teams to ensure secure integration and data handling. Work closely with application owners, architects, and security teams to prioritize and implement fixes. Document remediation efforts, root cause analysis, and secure development guidelines. Expertise You'll Bring: 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular). Proven experience in code remediation and secure development practices. Hands-on experience with cloud security tools across Azure, AWS, and GCP. Familiarity with GitHub Advanced Security, CodeQL, and CI/CD pipelines . Exposure to one or more enterprise platforms (e.g., Salesforce, Adobe, Oracle, Pega). Strong understanding of OWASP Top 10, secure coding principles, and threat modeling. Excellent problem-solving, debugging, and communication skills. Experience with containerized environments (Docker, Kubernetes). Optional - Certifications in cloud security (e.g., AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer). Optional - Knowledge of infrastructure-as-code (Terraform, ARM, CloudFormation). Benefits: Competitive salary and benefits package Culture focused on talent development with quarterly promotion cycles and company-sponsored higher education and certifications Opportunity to work with cutting-edge technologies Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards Annual health check-ups Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents Inclusive Environment: Persistent Ltd. is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds. We offer hybrid work options and flexible working hours to accommodate various needs and preferences. Our office is equipped with accessible facilities, including adjustable workstations, ergonomic chairs, and assistive technologies to support employees with physical disabilities. If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment. We are committed to creating an inclusive environment where all employees can thrive. Our company fosters a values-driven and people-centric work environment that enables our employees to: Accelerate growth, both professionally and personally Impact the world in powerful, positive ways, using the latest technologies Enjoy collaborative innovation, with diversity and work-life wellbeing at the core Unlock global opportunities to work and learn with the industry's best Let;s unleash your full potential at Persistent "Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."

Key Responsibilities Support vulnerability[Support][Done] assessments using SAST, DAST, and SCA tools. Collaborate with DevOps , Vulnerability Management, IBM teams [Add vulnerability management team, IBM and third-party PenTest service provider][Done]to ensure security is integrated into CI/CD pipelines. Manage the vulnerability management lifecycle, including triage, tracking, and remediation. Provide remediation guidance and recommendations [Have a think about this.][Rephrased.]to developers on vulnerabilities. Maintain and evolve secure SDLC practices and documentation. Deliver security awareness and secure coding training sessions. Demonstrate a willingness to learn, research, and innovate to improve the overall AppSec posture. Threat Modeling tool administration[Re-visit.][Rephrased]. 3. Technical Skills and Experience Required Experience with the following tools: - DAST: Qualys, Rapid7 - SAST: CodeQL, Checkmarx, Fortify, SonarQube - SCA: Dependabot, JFrog Xray - API Security: Understanding of API security principles and tools like Postman, OWASP 47 years of hands-on experience in application security or secure software development. Strong understanding of OWASP Top 10, CWE/SANS Top 25, and secure SDLC. Understanding of vulnerability management lifecycle and remediation workflows. Understanding of threat modeling concepts. [This should be at the top of our requirement.][Done]API Security Top 10, or API gateways with security features. Familiarity with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap). Proficiency in at least one programming language (e.g., Java, Python, JavaScript, C#). Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps). Exposure to cloud security (AWS, Azure, or GCP) is a plus. 4. Soft Skills Required Strong analytical and problem-solving skills. Excellent verbal and written communication. Ability to work independently and collaboratively in cross-functional teams. Strong documentation and reporting capabilities. Proactive, detail-oriented, and eager to learn. 5. Good to Have Skills Working knowledge of DevSecOps practices and tools. Experience with container security (Docker, Kubernetes). Certifications such as CEH or equivalent. Familiarity with threat modeling tools (e.g., Microsoft Threat Modeling Tool, IriusRisk). Experience in Agile/Scrum environments.