Product Security Architect
Our client is seeking a highly skilled Product Security Engineer to enhance the security architecture of their applications and services. This role offers an exciting opportunity to work in Greater Barcelona with a leading Medical Devices Company. The successful candidate will have the chance to work closely with engineering, DevOps, and security teams, ensuring robust security measures across the software development lifecycle.
As a Product Security Engineer, you will play a pivotal role in shaping the security landscape of our client's applications and services. Your deep expertise in Java, Spring Boot, and OAuth2 authentication mechanisms using Cognito and Keycloak will be instrumental in defining secure application architectures. You will also be responsible for implementing data encryption strategies, securing API gateways, managing tokens, and conducting security code reviews alongside engineering teams. Your proactive approach towards securing Kafka-based event-driven architectures and PostgreSQL databases will ensure robust security measures across the software development lifecycle.
- Define and implement secure application architecture for microservices and APIs.
- Design and enforce security best practices using Spring Security and OAuth2 (Cognito, Keycloak).
- Ensure compliance with OWASP, NIST, GDPR, and other security frameworks.
- Implement and manage OAuth2 and OpenID Connect (OIDC) for authentication and authorisation.
- Integrate and configure AWS Cognito and Keycloak for identity and access management.
- Develop and enforce secure coding practices in Java and Spring Boot applications.
- Implement data encryption, secure API gateways, and token management.
- Collaborate with engineering teams to conduct security code reviews and threat modelling.
- Ensure Kafka security (authentication, authorisation, and encryption).
- Implement PostgreSQL security best practices.
What you bring:
The ideal Product Security Engineer candidate brings a wealth of experience in cybersecurity or a related field. Your strong programming skills in Java, Spring Boot, and Spring Security will be crucial in this role. You have hands-on experience with OAuth2, OIDC, Cognito, and Keycloak for authentication and authorisation. Your proficiency in securing Kafka-based event-driven architectures and PostgreSQL security mechanisms will be highly valued. A deep understanding of network security, IAM, and DevSecOps best practices, along with experience in threat modelling, penetration testing, and vulnerability management, is essential. Familiarity with compliance frameworks such as GDPR, SOC2, and HIPAA will further strengthen your application.
What sets this company apart:
Our client is a leading Medical Devices Company based in Greater Barcelona. They are renowned for their commitment to innovation and quality. The company offers a supportive work environment that encourages collaboration and professional growth. They believe in investing in their employees' development and providing opportunities for continuous learning and advancement.
What's next:
Ready to take the next step in your career? Apply now!
About the position
Contract type: FULL_TIME
Specialisation: IT & Telecommunications
Area: Cybersecurity
Sector: Information Technology
Salary band: Competitive Salary
Work type: Hybrid
Experience level: Middle management
Location: Barcelona
Reference: 7PM8FC-5BA84DA6
Publication date: 24 April 2025
Consultant: Luís Cespedes