TopQuadrant is a company that makes data meaningful and accessible, helping organizations manage their data effectively. They are seeking a Security Engineer to enhance security in enterprise applications, focusing on securing Java-based systems and ensuring compliance with data protection regulations.
Responsibilities:
- Design and implement security solutions for Java-based applications
- Secure applications, microservices, APIs, and databases against vulnerabilities
- Perform static (SAST) and dynamic (DAST) security testing
- Perform quarterly vulnerability scans and an annual penetration test
- Manage application dependencies and vulnerabilities within established SLAs
- Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption
- Integrate security into the CI/CD pipeline to automate security testing and compliance checks
- Monitor, analyze, and respond to security incidents and security questionnaires
- Manage Drata for security monitoring, compliance automation, and audit readiness
- Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2)
- Collaborate with development teams to enforce secure coding best practices via code reviews
- Work with Spring Security to enforce access controls and secure distributed applications
- Maintain and publish TopQuadrant’s Authorized Software List
- Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field
- Strong Java development experience, with proficiency in Spring Boot and Spring Security
- Experience with secure coding practices (OWASP Top 10, CWE, etc.)
- Hands-on experience with security tools such as SonarQube and Snyk
- Knowledge of encryption techniques (AES, RSA), authentication protocols (OAuth, OpenID Connect), and API security
- Experience with cloud security best practices (AWS, Azure, or GCP)
- Certifications such as CISSP, CEH, CSSLP, or AWS Security are a plus
- Experience securing microservices architectures and containerized applications (Docker, Kubernetes)
- Familiarity with IAM (Identity & Access Management) solutions and database security
- Knowledge of log management, SIEM solutions, and intrusion detection
- Understanding of Spring Cloud Security, API Gateway security, and service mesh security
- Strong analytical and problem-solving skills