NTT DATA North America
Sr. Java Developer (Application Security / FTE / Hybrid)
About This Role
Responsibilities
- Design, develop, and maintain secure Java/J2EE-based applications, ensuring adherence to enterprise security standards and best practices
- Identify, analyze, and remediate application security vulnerabilities such as XSS, CSRF, session fixation, IDOR, and path traversal issues
- Perform regular code reviews and security assessments to detect code smells, insecure patterns, and misconfigurations
- Collaborate with security teams to triage and resolve findings from vulnerability scans, penetration testing, and security audits
- Implement secure coding practices, including input validation, output encoding, and proper authentication/authorization mechanisms
- Update and manage third-party libraries (e.g., Axios, jQuery, Ext JS), ensuring no outdated or vulnerable versions are in use
- Configure and enforce web security controls such as CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache directives
- Debug and resolve issues related to HTTP errors (e.g., 500 errors), session management, and application behavior inconsistencies
- Work closely with frontend and backend teams to ensure consistency in validation and prevent security gaps between UI and server-side logic
- Analyze and secure APIs, including TPP/Open Banking integrations, ensuring proper authentication and data protection
- Participate in sprint planning, daily stand-ups, and backlog grooming with Agile teams to prioritize security and development tasks
- Document security fixes, technical designs, and remediation steps for knowledge sharing and audit readiness
- Support production releases, perform root cause analysis for incidents, and implement preventive measures
- Continuously research emerging security threats and recommend improvements to strengthen application security posture
Requirements
- Minimum 5+ years of experience in Java/J2EE development, including building and maintaining enterprise-level web applications
- At least 3+ years of hands-on experience in application security, including identifying and remediating vulnerabilities such as XSS, CSRF, IDOR, and session-related issues
- Minimum 3+ years of experience with web technologies such as HTML, CSS, JavaScript, and frameworks/libraries like jQuery, Axios, or Ext JS
- At least 2+ years of experience in secure coding practices, including input validation, output encoding, authentication, and authorization mechanisms
- Minimum 2+ years of experience working with RESTful APIs and web services, including securing APIs and handling authentication/authorization
- At least 2+ years of experience with application servers such as Apache Tomcat, WebLogic, or JBoss
- Minimum 2+ years of experience in vulnerability management tools (e.g., Fortify, Checkmarx, Veracode, or similar SAST/DAST tools)
- At least 2+ years of experience in debugging and resolving production issues, including HTTP errors and performance bottlenecks
- Minimum 1+ year of experience with security configurations, including CSP headers, secure cookies (HttpOnly, Secure, SameSite), and cache control mechanisms
- At least 1+ year of experience working in Agile/Scrum environments, participating in sprint ceremonies and collaborative development
- Bachelor's in Computer Science or equivalent work experience
About NTT DATA North America
Keane India Ltd is the Indian subsidiary of Keane, Inc., an IT services company based in Boston. Founded in 1965, Keane focuses on application services, infrastructure, and business process outsourcing (BPO). The company operates through onsite, nearshore, and offshore models, providing flexible solutions to clients globally. Headquartered in Hyderabad, Telangana, Keane India Ltd offers a range of IT services, including software engineering, application maintenance, and management outsourcing. With a strong emphasis on project management, the company has a long history of serving various businesses and government agencies. Keane India Ltd has been recognized for its innovations in application management outsourcing and has participated in industry events alongside major firms in the IT sector.
Security at NTT DATA North America
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- NTT DATA follows a 'shift-everywhere' philosophy, emphasizing end-to-end secure development and operations.
- They position security as a trusted partner that enables accelerated application release lifecycles rather than acting as a gatekeeper.
- Their approach focuses on managing risk at scale and creating a unified picture of risk.
Security Team
NTT DATA's security organization is led by Charlie Li, Global Head of Cloud & Security. The team actively recruits for roles such as 'Sr Java Developer - Application Security' and 'QA Testing Specialist - Application Security' in North America. Specific reporting lines to the CISO or CTO and the exact team size are not publicly documented.
Key Initiatives
- A major recent initiative is the global strategic agreement with Synopsys (March 2024) to automate and scale security testing, which has reportedly increased automated, event-driven testing by 200%.
- Operational workflows include performing security testing, validating vulnerabilities, and tracking defects via Jira/Xray.
- No evidence was found for a formal 'Security Champions' program or specific vulnerability remediation SLAs.