Senior Java Security Engineer
Listed on 2026-02-16
Software Development
At Cream City Cyber, we understand the convergence of physical and digital risks and how they impact businesses and governments alike. Our battle-tested experts have been trusted advisors for decades, offering tailored security solutions to help clients navigate evolving landscapes. We strive to mitigate risks with confidence, enabling our partners to thrive in a connected world.
We are seeking a talented, self-motivated Senior Java Security Engineer who is passionate about application security and building secure, high-performance backend services and platforms. The ideal candidate will have deep hands-on experience designing, building, and securing Java-based systems (microservices, APIs, and supporting infrastructure) with a security-first mindset. This role is focused on consulting and evaluating secure software engineering and application security, including architecture reviews, secure coding practices, threat modeling, vulnerability remediation, and secure SDLC enablement.
This is a unique opportunity to contribute to critical systems that protect millions of users globally. If you are passionate about building secure, scalable products and are eager to shape the future of our digital platform, this role is for you!
- Design, develop, and maintain robust, scalable Java backend services and APIs using modern frameworks (e.g., Spring/Spring Boot, Jakarta EE).
- Build and evolve secure microservices architectures, including service-to-service authentication, authorization, and secure communication patterns.
- Contribute to the entire development lifecycle, from concept and design to deployment and maintenance, with a security-first mindset.
- Help design and implement comprehensive security architectures for backend platforms, ensuring secure data flow across services, APIs, and supporting systems.
- Optimize performance, reliability, and scalability while enforcing secure coding standards and defensive programming practices.
- Conduct manual and automated secure code reviews (primarily Java) to identify security flaws and improve code quality.
- Perform threat modeling, identify vulnerabilities, and develop risk mitigation strategies for APIs, services, and distributed systems.
- Troubleshoot, debug, and upgrade existing systems, ensuring security patches and dependency updates are applied promptly.
- Ensure compliance with standards such as OWASP Top 10, secure API best practices, and data privacy/security requirements.
- Integrate and manage database technologies such as PostgreSQL, MySQL, Oracle, or MongoDB, ensuring secure configurations, encryption, and safe query patterns.
- Partner with engineering teams to build strong authentication and authorization (e.g., OAuth2/OIDC, JWT, RBAC/ABAC) and implement secure secrets management.
- Collaborate with cross-functional teams (engineers, leadership, risk analysts, operations, etc.) to embed security and best practices throughout the SDLC.
- Partner with developers and platform teams to ensure encryption in transit/at rest, secure key management, and secure data storage are integral to connected applications.
- Collaborate with teams to integrate and automate security checks, SAST/SCA, dependency scanning, and vulnerability management within CI/CD pipelines.
- Write clear technical documentation, contribute to secure engineering guidelines, and provide support where required.
- Stay updated on emerging security threats, technologies, and industry trends to continuously improve our applications’ security posture.
- Manage the vulnerability lifecycle from discovery through remediation, verification, and monitoring.
- Ensure secure API integrations to prevent injection attacks, data exposure, broken auth, SSRF, deserialization, and other common vulnerabilities.
- Help inform, develop, and enforce security policies, standards, and guidelines for secure software development practices.
- Champion secure-by-design improvements such as standardized libraries, secure frameworks, and reusable security components.
- Bachelor’s degree in computer science, software engineering, or a related field, and 7+ years of experience in backend software engineering with significant Java depth.
- Proven experience building and securing production-grade Java services using Spring/Spring Boot (or comparable Java frameworks).
- Strong proficiency in Java (modern versions preferred), including concurrency, performance tuning, JVM fundamentals, and secure coding practices.
- Demonstrated understanding of application security vulnerabilities (e.g., OWASP Top 10) and remediation techniques in real-world systems.
- Experience with secure API design patterns (REST and/or gRPC), authentication/authorization, and secure session/token handling.
- Experience with database technology such as PostgreSQL, MySQL, Oracle, and/or MongoDB, including secure schema design and safe query…