Identify, assess, and remediate security vulnerabilities in Java-based applications, including Spring Boot services, APIs, and microservices
Protect high-traffic ecommerce platforms against OWASP Top 10 risks and ecommerce-specific threats such as:

SQL/NoSQL injection, XSS, CSRF
Broken authentication and session management
Business logic vulnerabilities (checkout flows, pricing, promotions, abuse scenarios)
Account takeover, credential stuffing, and automated bot attacks

Secure checkout processes, payment integrations, subscription models, and customer data handling
Perform secure code reviews and participate in threat modeling for new application features

API & Integration Security

Design and enforce security controls for REST and GraphQL APIs
Implement strong authentication, authorization, and rate-limiting strategies
Prevent API abuse, scraping, and data exfiltration
Apply secure standards such as OAuth2, JWT, and robust token lifecycle management

DevSecOps & CI/CD Security

Integrate and manage security tooling across CI/CD pipelines, including:

Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Software Composition Analysis (SCA)
Secrets detection

Secure build, release, and deployment pipelines
Enforce secure coding standards through automation and policy-as-code
Own and improve infrastructure-as-code (Terraform) security for application environments

Cloud Security (AWS)

Secure application workloads running on AWS services such as EKS/ECS, EC2, Lambda, API Gateway, S3, and RDS
Design and validate cloud security controls, including:

IAM roles and least-privilege access models
Network segmentation using VPCs, security groups, and private/public boundaries
Secrets management using managed cloud services
Encryption of data at rest and in transit

Collaborate with infrastructure teams to align application security with enterprise cloud guardrails

Runtime Protection & Detection

Implement and tune web application firewalls (WAF), bot protection, and rate limiting for ecommerce platforms
Partner with infrastructure and security operations teams to ensure endpoint and workload protection coverage
Support detection and response improvements for web, application, and API-layer attacks
Triage and remediate findings from penetration tests, purple team exercises, and assumed breach scenarios

Security Program Execution

Translate security findings into prioritized, actionable engineering work
Partner with external security vendors and testing teams to align risk remediation with business impact
Drive adoption of secure development practices across engineering teams
Act as a security bridge between application engineering, infrastructure teams, and external partners

Must Have / Required:

5+ years of experience in Security Engineering, DevSecOps, or DevOps roles
Strong hands-on experience securing Java-based web applications (Spring Boot, microservices)
Deep understanding of OWASP Top 10 and ecommerce attack patterns
Proven experience securing applications in AWS cloud environments
Hands-on experience with CI/CD security tooling, including:

SAST tools (e.g., Checkmarx, Veracode or similar)
SCA tools (e.g., Snyk, Dependabot or equivalent)
DAST and secrets management solutions

Strong knowledge of API security concepts such as OAuth2, JWT, and rate limiting
Experience with infrastructure-as-code, preferably Terraform

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively “Judge”) to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Apply now

See more open positions at The Judge Group

Powered by Getro.com

Privacy policy Cookie policy