[Hiring] Security Engineer @TopQuadrant

Role Description

TopQuadrant is seeking a Security Engineer with expertise in Java and the Spring Framework to enhance security in enterprise applications. This role involves securing Java-based systems and ensuring compliance with data protection regulations. The ideal candidate will have a strong background in Java development, cybersecurity, and secure application architecture.

• Design and implement security solutions for Java-based applications
• Secure applications, microservices, APIs, and databases against vulnerabilities
• Perform static (SAST) and dynamic (DAST) security testing
• Perform quarterly Vulnerability Scans and annual Penetration Test
• Manage application dependencies and vulnerabilities within established SLAs
• Implement and support authentication (OAuth, SAML), authorization (RBAC), and encryption
• Integrate security into the CI/CD pipeline to automate security testing and compliance checks
• Monitor, analyze, and respond to security incidents and security questionnaires
• Manage Drata for security monitoring, compliance automation, and audit readiness
• Ensure compliance with data protection regulations (GDPR, CCPA, HIPAA) and security frameworks (ISO 27001, NIST, SOC 2)
• Collaborate with development teams to enforce secure coding best practices via code reviews
• Work with Spring Security to enforce access controls and secure distributed applications
• Maintain and publish TopQuadrant’s Authorized Software List
• Stay updated on the latest security vulnerabilities affecting Java and Spring ecosystems

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• Strong Java development experience, with proficiency in Spring Boot and Spring Security
• Experience with secure coding practices (OWASP Top 10, CWE, etc.)
• Hands-on experience with security tools such as SonarQube and Snyk
• Knowledge of encryption techniques (AES, RSA), authentication protocols (OAuth, OpenID Connect), and API security
• Experience with cloud security best practices (AWS, Azure, or GCP)
• Certifications such as CISSP, CEH, CSSLP, or AWS Security are a plus

Requirements

• Experience securing microservices architectures and containerized applications (Docker, Kubernetes)
• Familiarity with IAM (Identity & Access Management) solutions and database security
• Knowledge of log management, SIEM solutions, and intrusion detection
• Understanding of Spring Cloud Security, API Gateway security, and service mesh security
• Strong analytical and problem-solving skills

Benefits

• Possibility (aka the “Why Not” mentality): We embrace new ideas and ways of thinking because we never let an opportunity to “level up” pass us by.
• Humility (aka “Gate check your baggage”): Best ideas win. We check our assumptions and our egos at the door.
• Ownership: Finish lines matter. We expect ourselves and each other to step up and own processes and outcomes to completion.
• Partnership: Customers value us because we provide them with superpowers they’ve never had.
• Teamwork: Be the person you’d want to work with. Build each other up.