Security Engineer

About the Role

TopQuadrant is looking for a Security Engineer who specializes in Java and the Spring Framework. In this role, you will enhance security in our enterprise applications. You will focus on securing Java-based systems and ensuring compliance with data protection regulations.

What You'll Do

• Design and implement security solutions for Java-based applications.
• Secure applications, microservices, APIs, and databases against vulnerabilities.
• Perform static (SAST) and dynamic (DAST) security testing.
• Conduct quarterly Vulnerability Scans and annual Penetration Tests.
• Manage application dependencies and vulnerabilities within established SLAs.
• Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption.
• Integrate security into the CI/CD pipeline to automate security testing and compliance checks.
• Monitor, analyze, and respond to security incidents and security questionnaires.
• Manage Drata for security monitoring, compliance automation, and audit readiness.
• Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2).
• Collaborate with development teams to enforce secure coding best practices via code reviews.
• Work with Spring Security to enforce access controls and secure distributed applications.
• Maintain and publish TopQuadrant’s Authorized Software List.
• Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems.

What We're Looking For

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Strong Java development experience, with proficiency in Spring Boot and Spring Security.
• Experience with secure coding practices (OWASP Top 10, CWE, etc.).
• Hands-on experience with security tools such as SonarQube and Snyk.
• Knowledge of encryption techniques (AES, RSA), authentication protocols (OAuth, OpenID Connect), and API security.
• Experience with cloud security best practices (AWS, Azure, or GCP).
• Certifications such as CISSP, CEH, CSSLP, or AWS Security are a plus.

Nice to Have

• Experience securing microservices architectures and containerized applications (Docker, Kubernetes).
• Familiarity with IAM (Identity & Access Management) solutions and database security.
• Knowledge of log management, SIEM solutions, and intrusion detection.
• Understanding of Spring Cloud Security, API Gateway security, and service mesh security.
• Strong analytical and problem-solving skills.

What We Offer

At TopQuadrant, we value the following:

• Possibility: We embrace new ideas and ways of thinking. We believe in learning and moving faster.
• Humility: The best ideas win. We check our assumptions and focus on the greater good.
• Ownership: We expect each other to own processes and outcomes to completion.
• Partnership: We engage with customers as equal partners in their solutions.
• Teamwork: We build each other up and strive to be the person you’d want to work with.