Product Security Architect

At Werfen in Clinical Software Business Unit we are committed to developing secure, efficient, and innovative clinical applications and laboratory instrumentation systems. Our solutions enhance patient care and facilitate the management of information in hospitals and laboratories around the world.

We are looking for a Product Security Architect.

Job Summary

We are seeking a highly skilled Product Security Architect to design, implement, and enhance the security architecture of our applications and services. The ideal candidate will have deep expertise in Java, Spring Boot, and Spring Security, along with OAuth2 authentication and authorization mechanisms using Cognito and Keycloak. Experience with Kafka for event-driven architecture and PostgreSQL for database security is essential.

This role requires a proactive security mindset, strong problem-solving skills, and a deep understanding of secure software development practices. You will work closely with engineering teams, DevOps, and security teams to ensure robust security measures across the software development lifecycle.

Key Responsibilities

1. Define and implement secure application architecture for microservices and APIs.
2. Design and enforce security best practices using Spring Security and OAuth2 (Cognito, Keycloak).
3. Ensure compliance with OWASP, NIST, GDPR, and other security frameworks.
4. Implement and manage OAuth2 and OpenID Connect (OIDC) for authentication and authorization.
5. Integrate and configure AWS Cognito and Keycloak for identity and access management.
6. Develop and enforce secure coding practices in Java and Spring Boot applications.
7. Implement data encryption, secure API gateways, and token management.
8. Collaborate with engineering teams to conduct security code reviews and threat modeling.
9. Ensure Kafka security (authentication, authorization, and encryption).
10. Implement PostgreSQL security best practices, including encryption, access controls, and monitoring.
11. Secure inter-service communication using mTLS, JWT, and OAuth2 tokens.
12. Implement logging, monitoring, and anomaly detection for security events.

Required Qualifications and Skills

1. Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
2. Strong programming skills in Java, Spring Boot, Spring Security.
3. Hands-on experience with OAuth2, OIDC, Cognito, and Keycloak for authentication and authorization.
4. Experience securing Kafka-based event-driven architectures.
5. Proficiency in PostgreSQL security mechanisms (encryption, auditing, access control).
6. Knowledge of microservices security, API security (JWT, OAuth2), and secure RESTful APIs.
7. Strong understanding of network security, IAM, and DevSecOps best practices.
8. Experience with threat modeling, penetration testing, and vulnerability management.
9. Familiarity with compliance frameworks (GDPR, SOC2, HIPAA, etc.).

What we offer:

1. A meaningful project that will impact the quality of laboratory software medicine worldwide.
2. 3 days a week working from home.
3. Multicultural and friendly team.
4. Exciting opportunities for professional development.
5. Ongoing training.
6. Social benefits: Canteen, nursery check, English training...
7. All the benefits according to the chemical agreement.

Our Purpose: We contribute to the advancement of patient care around the world through innovative specialized diagnostics.