Job Information
About the Position
Introduction
Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain. We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.
Overview
We are seeking a highly skilled Product Security Architect to design, implement, and enhance the security architecture of our applications and services. The ideal candidate will have deep expertise in Java, Spring Boot, and Spring Security, along with OAuth2 authentication and authorization mechanisms using Cognito and Keycloak. Experience with Kafka for event-driven architecture and PostgreSQL for database security is essential
This role requires a proactive security mindset, strong problem-solving skills, and a deep understanding of secure software development practices. You will work closely with engineering teams, DevOps, and security teams to ensure robust security measures across the software development lifecycle
Responsibilities
Key Responsibilities
- Define and implement secure application architecture for microservices and APIs
- Design and enforce security best practices using Spring Security and OAuth2 (Cognito, Keycloak)
- Ensure compliance with OWASP, NIST, GDPR, and other security frameworks
- Implement and manage OAuth2 and OpenID Connect (OIDC) for authentication and authorization
- Integrate and configure AWS Cognito and Keycloak for identity and access management
- Develop and enforce secure coding practices in Java and Spring Boot applications
- Implement data encryption, secure API gateways, and token management
- Collaborate with engineering teams to conduct security code reviews and threat modeling
- Ensure Kafka security (authentication, authorization, and encryption)
- Implement PostgreSQL security best practices, including encryption, access controls, and monitoring
- Secure inter-service communication using mTLS, JWT, and OAuth2 tokens
- Implement logging, monitoring, and anomaly detection for security events
Qualifications
Required Qualifications and Skills
- Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
- Strong programming skills in Java, Spring Boot, Spring Security
- Hands-on experience with OAuth2, OIDC, Cognito, and Keycloak for authentication and authorization
- Experience securing Kafka-based event-driven architectures
- Proficiency in PostgreSQL security mechanisms (encryption, auditing, access control)
- Knowledge of microservices security, API security (JWT, OAuth2), and secure RESTful APIs
- Strong understanding of network security, IAM, and DevSecOps best practices
- Experience with threat modeling, penetration testing, and vulnerability management
- Familiarity with compliance frameworks (GDPR, SOC2, HIPAA, etc.)
If you are interested in constantly learning and being challenged on a daily basis, we encourage you to submit your resume or CV.
Werfen appreciates and values diversity. We are an Equal Opportunity/Affirmative Action Employer M/F/D/V.
www.werfen.com