We are looking for a highly skilled Security Engineer with a specialization in application security and strong Java experience to join our team. The ideal candidate will play a critical role in ensuring the security of our applications and systems, identifying vulnerabilities, and supporting the development of robust security practices throughout the software development lifecycle (SDLC). This position offers the opportunity to work in a fast-moving, collaborative environment, helping businesses safeguard against threats while improving application security standards.
Key Responsibilities
- Design, implement, and maintain security solutions for web and software applications to protect against vulnerabilities and threats.
- Collaborate with development teams to ensure secure coding practices, particularly within Java-based applications.
- Identify, assess, and mitigate security risks by conducting vulnerability assessments, threat modeling, and penetration testing.
- Integrate application security controls and processes into development workflows, including DevSecOps pipelines.
- Provide expertise in secure coding standards, frameworks, and techniques to prevent common vulnerabilities such as OWASP Top 10 threats.
- Support the implementation of continuing security improvements, including tools for monitoring and detecting application threats, breaches, and intrusions.
- Work with stakeholders to define security requirements and ensure compliance with policies, regulations, standards, and industry best practices (e.g., GDPR, PCI DSS, or ISO 27001, where applicable).
- Research and recommend security tools, frameworks, and architectures suitable for Java-based applications.
- Conduct security training sessions for developers to raise awareness and promote secure coding practices.
Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or related technical field.
- Proven experience as a Security Engineer or in a similar role with a focus on application security.
- Strong expertise in Java development, with an ability to identify and fix security vulnerabilities in Java-based applications.
- Knowledge of secure coding practices and familiarity with frameworks such as Spring Boot or Hibernate.
- Experience with tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and vulnerability scanning tools (e.g., SonarQube, Veracode, or Burp Suite).
- Strong understanding of application vulnerabilities, mitigation techniques, and industry standards like OWASP Top 10 or CWE.
- Experience working with security protocols such as OAuth, SAML, SSL/TLS, and PKI.
- Familiarity with CI/CD build pipelines and integrating security tools into the software lifecycle.
- Excellent analytical and problem-solving skills.
- Strong communication skills, with the ability to explain technical concepts to non-technical stakeholders.
Preferred Qualifications
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or Certified Ethical Hacker (CEH).
- Hands-on experience with cloud security frameworks and technologies, particularly for Java applications running in AWS, Azure, or Google Cloud environments.
- Experience with containerization and securing solutions in Docker or Kubernetes.
- Familiarity with database security and tools like SQL Injection prevention techniques.