Lead Java Security Engineer

Department: Software Engineering

Employment Type: Permanent - Full Time

Location: Remote, UK

At Hazelcast, we build a high-performance, real-time data platform used in mission-critical systems across industries like finance, e-commerce and telecoms. Our platform enables applications to access and process data in milliseconds, powering use cases such as fraud detection, real-time inventory tracking and dynamic pricing.

We\'re looking for a Lead Software Security Engineer to take our product security program to the next level. This is a high-impact, hands-on role where you’ll guide the secure design and development of distributed systems, shape engineering and product roadmaps, and foster a security-first mindset across teams.

• Be a Security Champion
• Be a trusted advisor and advocate for security across the development lifecycle, influencing architecture, design and implementation decisions.
• Embed secure development practices into day-to-day workflows across engineering teams.
• Own the vulnerability management lifecycle: from discovery and triage to remediation tracking and coordinated disclosure.
• Build Secure Products by Design
• Conduct threat models, security architecture reviews and risk assessments for new features and core platform components.
• Develop secure design patterns and reusable guidance for engineers.
• Drive Security Strategy & Standards
• Define and evolve our secure software development standards and guidelines.
• Lead the integration of security tools and automation into CI/CD pipelines.
• Coordinate penetration testing and assist with remediation and root-cause analysis.
• Lead with Thought and Action
• Stay current on application security threats, tools and trends and share knowledge internally.
• Mentor engineers and help elevate security awareness and capability across the organization.

You’re a hands-on, technically strong security engineer with deep experience securing complex systems, ideally distributed platforms. You balance a pragmatic, risk-informed mindset with a strong understanding of security principles and engineering realities.

Must-Have Experience

• Proven experience in application and product security, including secure design, threat modeling and secure coding practices.
• Strong knowledge of security issues in modern software stacks, such as Java, distributed systems, microservices, containers, etc.
• Experience integrating security tools into development pipelines (eg. static/dynamic analysis, dependency scanning).
• Hands-on experience managing and remediating software vulnerabilities.
• Strong communication and collaboration skills; able to work cross-functionally with engineering, product and leadership.

Nice-to-Haves

• Familiarity with JVM internals, Hazelcast or other distributed data systems.
• Experience conducting or coordinating penetration tests.
• Contributions to open-source security projects or involvement in the broader security community.

• 25 days Annual Leave + Bank Holidays + Quarterly Wellbeing Days
• Group Company Pension Plan
• Private Medical Insurance
• Private Dental Insurance
• Life Insurance
• EAP (Employee Assistance Program)

Location: Fully Remote within UK&I, with access to a City of London based office.