Security Engineer - Java & Spring

We collaborate with our client to assist the world's largest companies in breaking down data silos, enabling teams to make quicker, more informed decisions. Their flagship product represents the most practical application of Knowledge Graphs and semantic technology available today, allowing Fortune 1000 companies to enhance the discovery, governance, and security of their data— ultimately fueling the development of some of the world's most vital technologies.

This position is perfect for a Security Engineer with expertise in Java and the Spring Framework to enhance security in enterprise applications. This role involves securing Java-based systems and ensuring compliance with data protection regulations. The ideal candidate will have a strong background in Java development, cybersecurity, and secure application architecture.

• Design and implement security solutions for Java-based applications.
• Secure applications, microservices, APIs, and databases against vulnerabilities.
• Perform static (SAST) and dynamic (DAST) security testing.
• Perform quarterly vulnerability scans and annual penetration tests.
• Manage application dependencies and vulnerabilities within established SLAs.
• Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption.
• Integrate security into the CI/CD pipeline to automate security testing and compliance checks.
• Monitor, analyze, and respond to security incidents and security questionnaires.
• Manage data for security monitoring, compliance automation, and audit readiness.
• Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2).
• Collaborate with development teams to enforce secure coding best practices via code reviews.
• Work with Spring Security to enforce access controls and secure distributed applications.
• Maintain and publish the client’s Authorized Software List.
• Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Strong Java development experience, with proficiency in Spring Boot and Spring Security.
• Experience with secure coding practices (OWASP Top 10, CWE, etc.).
• Hands‑on experience with security tools such as SonarQube and Snyk.
• Knowledge of encryption techniques (AES, RSA), authentication protocols (OAuth, OpenID Connect), and API security.
• Experience with cloud security best practices (AWS, Azure, or GCP).

• Certifications such as CISSP, CEH, CSSLP, or AWS Security are a plus.
• Experience securing microservices architectures and containerized applications (Docker, Kubernetes).
• Familiarity with IAM (Identity & Access Management) solutions and database security.
• Knowledge of log management, SIEM solutions, and intrusion detection.
• Understanding of Spring Cloud Security, API Gateway security, and service mesh security.
• Strong analytical and problem‑solving skills.