Security Engineer
About the role
TopQuadrant is seeking a Security Engineer with expertise in Java and the Spring Framework to enhance security in enterprise applications. This role involves securing Java-based systems and ensuring compliance with data protection regulations. The ideal candidate will have a strong background in Java development, cybersecurity, and secure application architecture.
What you'll do
Design and implement security solutions for Java-based applications
Secure applications, microservices, APIs, and databases against vulnerabilities
Perform static (SAST) and dynamic (DAST) security testing
Perform quarterly vulnerability scans and an annual penetration test
Manage application dependencies and vulnerabilities within established SLAs
Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption
Integrate security into the CI/CD pipeline to automate security testing and compliance checks
Monitor, analyze, and respond to security incidents and security questionnaires
Manage Drata for security monitoring, compliance automation, and audit readiness
Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2)
Collaborate with development teams to enforce secure coding best practices via code reviews
Work with Spring Security to enforce access controls and secure distributed applications
Maintain and publish TopQuadrant’s Authorized Software List
Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems
Qualifications
Bachelor's degree in Computer Science, Cybersecurity, or a related field
Strong Java development experience, with proficiency in Spring Boot and Spring Security
Experience with secure coding practices (OWASP Top 10, CWE, etc.)
Hands-on experience with security tools such as SonarQube and Snyk
Knowledge of encryption techniques (AES, RSA), authentication protocols (OAuth, OpenID Connect), and API security
Experience with cloud security best practices (AWS, Azure, or GCP)
Certifications such as CISSP, CEH, CSSLP, or AWS Security are a plus
Preferred Skills (Nice-to-Have):
Experience securing microservices architectures and containerized applications (Docker, Kubernetes).
Familiarity with IAM (Identity & Access Management) solutions and database security.
Knowledge of log management, SIEM solutions, and intrusion detection.
Understanding of Spring Cloud Security, API Gateway security, and service mesh security.
Strong analytical and problem-solving skills.
Working at TopQuadrant is best exemplified by our values:
Possibility (aka the “Why Not” mentality): We embrace new ideas and ways of thinking because we never let an opportunity to “level up” pass us by. Piloting and testing good ideas will keep us learning. In general, moving faster is better.
Humility (aka “Gate check your baggage”): Best ideas win. We check our assumptions and our egos at the door. Titles, “the way things were,” or “should have been” just don’t matter. The best ideas focus on the greater good. When in doubt, customers (and customer value) know best.
Ownership: Finish lines matter. We expect ourselves and each other to step up and own processes and outcomes to completion. We give credit, let decision makers decide, ask for and give feedback, point fingers inward first, examine every cost, and never make excuses because that’s what makes great teams great.
Partnership: Customers value us because we provide them with superpowers they’ve never had. We do not simply provide a product or service; we engage as equal partners in their solution. We influence the outcome and express our expertise and opinions unapologetically. And when we succeed, we share in the value we deliver because we value our time, our technology, and ourselves.
Teamwork: Be the person you’d want to work with. Build each other up.