While the client’s digital re-design project is being done in Java, they’re not looking for a developer. Instead, they’re looking for someone familiar with the secure development “process” or lifecycle, that can be dropped into the existing development team to offer guidance, code reviews and occasional help delivering a secure end product. In my mind, this is similar to a high level BA or classic PM. The key “need” is familiarity with the secure development process (application security). This is different from infrastructure security.