Job Description
Key Responsibilities
- Design, implement, and maintain HTTPS and secure communication across Java backend services
- Configure and manage SSL/TLS certificates (Let’s Encrypt, commercial CAs, internal PKI)
- Secure Apache Tomcat servers including keystores, truststores, ciphers, protocols, ports, and connectors
- Configure secure URL access, firewall rules, and integrate with reverse proxies
- Harden MySQL security: user roles, permissions, network access, encryption, and secure backups
- Implement application-level security controls: authentication, authorization, token-based access, API security
- Conduct security audits and vulnerability assessments for backend services
- Support secure deployment in on-premises and cloud environments
- Collaborate closely with backend developers and DevOps teams to ensure security best practices
- Prepare detailed security documentation and deployment guidelines for internal teams and customers
Required Skills & Experience
- Strong hands-on experience with Java backend development
- Deep understanding of HTTPS, SSL/TLS, PKI, and certificate management
- Experience securing Tomcat servers and Java web applications
- Knowledge of MySQL security best practices
- Familiarity with authentication and authorization mechanisms (OAuth, JWT, SAML)
- Ability to perform security audits, vulnerability scanning, and risk mitigation
- Hands-on experience with firewalls, reverse proxies, and secure network configurations
- Understanding of cloud security principles (AWS, Azure, or GCP)
- Strong communication and documentation skills
Preferred Qualifications
- Experience with Spring Security and secure API development
- Knowledge of DevSecOps practices and CI/CD pipeline security
- Familiarity with container security (Docker, Kubernetes)
- Industry certifications like CISSP, CEH, or OSCP are a plus
Engagement Details
- Location: Remote / Onsite (depending on candidate preference)
- Contract: Full-time or long-term freelance
- Compensation: Competitive, based on experience
