Senior Java Cloud Security Engineer

Hybrid role from Toronto office, work needs to be done in EST hours

We are seeking a Senior Software Developers to help advance FedRAMP readiness for a Java-based, AWS-deployed cloud service that powers search capabilities across products.

This is a hands-on delivery role focused on implementing application-level security, compliance, and platform-readiness improvements in an existing production service. You will work across Java 21 and Spring Boot services and AWS managed services such as OpenSearch Serverless, DynamoDB, MSK/Kafka, ElastiCache Redis, and S3.

The work spans secure configuration, FIPS-aware service integration, API hardening, rate limiting, audit logging, service-to-service authorization, container hardening, SBOM generation, observability automation, and regionalized testing. We are looking for people who can contribute quickly in an established codebase with limited ramp-up, while collaborating closely with engineering, security, and operations partners.

Responsibilities

• Implement externalized, environment-driven configuration to support new AWS regions and deployment targets without code changes.
• Add and validate FIPS-compatible endpoint support across AWS SDK clients and related service integrations.
• Harden APIs by restricting CORS, adding security headers, and implementing application-level rate limiting and 429 handling.
• Enhance structured audit logging to support security monitoring, event categorization, and compliance reporting while ensuring log hygiene for PII and secrets.
• Implement fine-grained service-to-service authorization using OAuth 2.0 and JWT scopes, including configurable policy mapping and clear authorization failure handling.
• Strengthen container security by hardening Dockerfiles and integrating image scanning and SBOM generation into the CI/CD pipeline.
• Create repeatable observability assets such as dashboards, alerts, health checks, and SLI/SLO templates for new environment setup.
• Remove region-specific assumptions from test code and validate application behavior across current and target AWS region configurations.
• Write and maintain unit, integration, and validation tests for the changes delivered, and support CI/CD and environment validation activities.
• Partner closely with engineers to refine implementation details, review code, document technical decisions, and deliver production-quality software.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience.

• 6+ years of professional software development experience in backend, platform, or cloud engineering roles.

• Strong hands-on experience with Java and Spring Boot in distributed or cloud-native services.

• Hands-on experience building and maintaining services on AWS, including use of the AWS SDK and service configuration across multiple environments.

• Experience implementing security and compliance-related features such as secure configuration, authorization, audit logging, rate limiting, API hardening, or similar controls.

• Experience with OAuth 2.0, JWT-based authorization, and service-to-service access control patterns.

• Experience with automated testing, debugging, and working within CI/CD pipelines and containerized delivery workflows.

• Ability to work effectively in an existing codebase, make pragmatic technical decisions, and deliver well-tested changes with limited hand-holding.

• Strong written and verbal communication skills and the ability to collaborate across engineering, security, and operations stakeholders.

Preferred Qualifications

• Experience with FedRAMP, FIPS, NIST SP 800-53, AWS GovCloud, or other regulated cloud and security frameworks.

• Familiarity with OpenSearch Serverless, DynamoDB, MSK/Kafka, S3, ElastiCache Redis, or similar AWS managed services.

• Experience with structured JSON logging, Splunk CIM normalization, or security event taxonomy design.

• Experience with Jenkins, Docker, container scanning tools, and SBOM generation in CycloneDX or SPDX format.

• Experience creating or automating dashboards, alerts, health checks, or SLI/SLO definitions using tools such as Dynatrace, Grafana, or similar platforms.

• Experience externalizing configuration for multi-environment or multi-region deployments.

• Experience working in a hybrid team model with good overlap with Eastern Time.

What success looks like

• Security and compliance gaps are closed through maintainable application-level changes rather than one-off workarounds.

• New AWS region and FedRAMP-related deployment targets can be supported with less manual configuration and less environment-specific code.

• The service becomes easier to validate, audit, monitor, and operate through better logging, automation, and test coverage.

• Changes are delivered with strong documentation, clear validation results, and smooth collaboration.

Our Fortune Technology client is ranked as one of the best companies to work with in the world. As a global leader in 3D design, engineering, and entertainment software, they foster a progressive culture, creativity, and a flexible work environment using cutting-edge technologies.