Security Champion

Nexttech International SRL, Cluj-Napoca, Cluj, Romania
30+ days ago
Job description

About Nexttech

Founded in 2015, Nexttech has built a solid foundation in delivering comprehensive IT solutions tailored to meet diverse client needs. With expertise spanning five key industry sectors (Banking, Energy, Telecom, Automotive and E-commerce & Logistics), we provide nearshore and onshore services designed to drive efficiency and support strategic growth.

Our team supports every phase of the Software Development Life Cycle (SDLC), from developing detailed roadmaps and resolving complex software challenges to ensuring quick time-to-market and optimized ROI.

About the Role

We’re looking for a Security Champion with strong technical roots in Java ecosystems (Spring Boot, Maven, Gradle) and a passion for integrating security seamlessly into development workflows.

In this role, you’ll be responsible for integrating and monitoring security tools in our CI/CD pipelines (such as Nexus IQ, Fortify, and SonarQube security reports), assessing risks, supporting development teams in resolving vulnerabilities, and driving security best practices across our codebase and third-party dependencies.

This is not a pure AppSec role — we’re looking for someone who thinks like an engineer but advocates like a security pro.

Key responsibilities

  • Integrate and maintain security tools in CI/CD pipelines (e.g., Nexus IQ, Fortify, SonarQube security rules).
  • Assess and prioritize vulnerabilities found during scans and reports.
  • Work closely with engineering teams to negotiate, plan, and follow up on remediation strategies.
  • Define and evolve coding standards related to security, including 3rd-party library policies.
  • Provide risk assessments for unresolved or postponed issues, escalating as necessary.
  • Maintain long-term visibility and reporting of security issues and resolution progress.
  • Support in defining and tracking secure coding KPIs.
  • Be a bridge between security and engineering, promoting a “security as code” culture.
  • Stay updated on Java and web security trends, and help evolve the internal practices accordingly.

Must-Have Skills & Experience

  • Solid experience as a developer or in a technical security role, ideally with Java / Spring Boot projects.
  • Strong knowledge of build systems and dependency management: Maven, Gradle.
  • Experience with integrating security tools in CI/CD pipelines (e.g., Jenkins, GitLab CI).
  • Familiarity with code scanning tools (Fortify, SonarQube) and dependency scanning (Nexus IQ or similar).
  • Understanding of OWASP Top 10, SAST/DAST concepts, CVSS scoring, and remediation strategies.
  • Comfortable working cross-functionally — with developers, architects, and security teams.
  • Fluent in risk-based thinking: you know when to escalate and when to empower.

Nice to Have

  • Exposure to Kubernetes, containers, or cloud-native security concepts.
  • Experience in agile development environments and DevSecOps practices.
  • Background in threat modeling or secure design reviews.

What We Offer

  • The chance to influence security tooling, practices, and culture from within the delivery lifecycle.
  • Autonomy and visibility working closely with both the security and engineering leadership.
  • Competitive compensation and career growth in a high-impact role.