Cream City Cyber · 1 week ago
Senior Java Security Engineer
Cream City Cyber is a company that specializes in providing tailored security solutions to businesses and governments. They are seeking a Senior Java Security Engineer who will be responsible for designing, building, and securing Java-based systems with a focus on application security and secure software engineering practices.
Information Technology & Services
Responsibilities
Design, develop, and maintain robust, scalable Java backend services and APIs using modern frameworks (e.g., Spring/Spring Boot, Jakarta EE)
Build and evolve secure microservices architectures, including service-to-service authentication, authorization, and secure communication patterns
Contribute to the entire development lifecycle, from concept and design to deployment and maintenance, with a security-first mindset
Help design and implement comprehensive security architectures for backend platforms, ensuring secure data flow across services, APIs, and supporting systems
Optimize performance, reliability, and scalability while enforcing secure coding standards and defensive programming practices
Conduct manual and automated secure code reviews (primarily Java) to identify security flaws and improve code quality
Perform threat modeling, identify vulnerabilities, and develop risk mitigation strategies for APIs, services, and distributed systems
Troubleshoot, debug, and upgrade existing systems, ensuring security patches and dependency updates are applied promptly
Ensure compliance with standards such as OWASP Top 10, secure API best practices, and data privacy/security requirements
Integrate and manage database technologies such as PostgreSQL, MySQL, Oracle, or MongoDB, ensuring secure configurations, encryption, and safe query patterns
Partner with engineering teams to build strong authentication and authorization (e.g., OAuth2/OIDC, JWT, RBAC/ABAC) and implement secure secrets management
Collaborate with cross-functional teams (engineers, leadership, risk analysts, operations, etc.) to embed security and best practices throughout the SDLC
Partner with developers and platform teams to ensure encryption in transit/at rest, secure key management, and secure data storage are integral to connected applications
Collaborate with teams to integrate and automate security checks, SAST/SCA, dependency scanning, and vulnerability management within CI/CD pipelines
Write clear technical documentation, contribute to secure engineering guidelines, and provide support where required
Stay updated on emerging security threats, technologies, and industry trends to continuously improve our applications’ security posture
Manage the vulnerability lifecycle from discovery through remediation, verification, and monitoring
Ensure secure API integrations to prevent injection attacks, data exposure, broken auth, SSRF, deserialization, and other common vulnerabilities
Help inform, develop, and enforce security policies, standards, and guidelines for secure software development practices
Champion secure-by-design improvements such as standardized libraries, secure frameworks, and reusable security components
Qualifications
Required
Bachelor's degree in computer science, software engineering, or a related field, and 7+ years of experience in backend software engineering with significant Java depth
Proven experience building and securing production-grade Java services using Spring/Spring Boot (or comparable Java frameworks)
Strong proficiency in Java (modern versions preferred), including concurrency, performance tuning, JVM fundamentals, and secure coding practices
Demonstrated understanding of application security vulnerabilities (e.g., OWASP Top 10) and remediation techniques in real-world systems
Experience with secure API design patterns (REST and/or gRPC), authentication/authorization, and secure session/token handling
Experience with database technology such as PostgreSQL, MySQL, Oracle, and/or MongoDB, including secure schema design and safe query patterns
Familiarity with version control tools like Git and modern CI/CD workflows
Experience with common security tooling and practices such as SAST, SCA, secrets scanning, dependency management, and SBOM fundamentals
Preferred
Relevant security certifications (e.g., CISSP, CSSLP, GIAC, CEH, GWEB)
Experience with application security testing tools and workflows (e.g., Burp Suite, OWASP ZAP, SAST/SCA platforms, container/image scanning)
Experience with cloud platforms (AWS, Azure, GCP) and containers (Docker, Kubernetes) including secure deployment patterns
Knowledge of secure architecture for distributed systems (zero trust principles, service meshes, mTLS, policy-as-code)
Experience hardening Java applications (secure dependency strategies, secure deserialization, input validation frameworks, secure logging/monitoring)
Familiarity with regulatory or compliance frameworks (SOC 2, ISO 27001, PCI, HIPAA) as they relate to application security controls
Company
Cream City Cyber
Cream City Cyber is a global cyber-risk consulting firm. We believe the best method for managing risk is to actively plan and prepare for it.
Funding
Current Stage
Early Stage
Company data provided by Crunchbase