Java (Security)

RESPONSIBILITIES:
Kforce has a client in Alpharetta, GA that is seeking a hybrid Java (Security) individual to join their team.

Summary:
We are looking for a hands-on Application & Cloud Security Engineer with strong Java and Cloud experience to support vulnerability remediation, secure coding, and DevSecOps enablement. This role is focused on fixing security issues, not just identifying them. The ideal candidate is a security engineer first, with the ability to work directly in Java codebases, CI/CD pipelines, containers, and cloud environments to reduce risk across modern, cloud-hosted applications.

What You'll Do:
* Remediate security vulnerabilities in Java/J2EE applications deployed in cloud environments
* Analyze and fix findings from SAST, DAST, SCA, container, and cloud security scans
* Address OWASP Top 10, CVEs, dependency vulnerabilities, and misconfigurations
* Harden applications: authentication, authorization, API security, encryption, secrets management
* Embed security into CI/CD pipelines (GitHub or GitLab) with scans and quality gates
* Partner with DevOps teams on container security (Docker) and runtime hardening
* Review cloud configurations (AWS and/or Azure) and remediate security gaps
* Support patching, upgrades, and vulnerability SLAs
* Assist with incident triage, root cause analysis, and security defect resolution
* Clearly document fixes, risks, and remediation guidance

REQUIREMENTS:
Security & Cloud:
* Hands-on experience securing applications in AWS and/or Azure
* Experience working in DevSecOps or Cloud Security environments
* Strong background in application security and vulnerability remediation
* Knowledge of IAM, network security, secrets management, logging, monitoring
* Familiarity with OWASP Top 10, CVEs, secure coding standards

Java & Engineering:
* Strong hands-on experience with Java 8+ and Java 21
* Solid experience with Spring Boot / Spring Framework (Security, MVC, Data)
* Experience securing REST and SOAP APIs
* Experience with Tomcat or JBoss
* Understanding of secure system design and architecture

DevSecOps & Tooling:
* Experience integrating security into CI/CD pipelines (GitHub or GitLab)
* Experience with JUnit, Mockito, and security-focused testing
* Experience working with SNYK, Dependabot, Wiz
* Hands-on exposure to Docker container security
* Working knowledge of SQL and database security

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.