Senior Software Developer, Cloud Security & Compliance

Toronto, Ontario
Date Posted: 08-May-2026
Work Type: On-Site
Job Number: 484674

Job Description

Title: Senior Software Developer, Cloud Security & Compliance
Location: Toronto, ON
 
Position Overview:
  • Client is seeking two contingent Senior Software Developers to help advance FedRAMP readiness for a Java-based, AWS-deployed cloud service that powers search capabilities across Client’s products.
  • This is a hands-on delivery role focused on implementing application-level security, compliance, and platform-readiness improvements in an existing production service.
  • You will work across Java 21 and Spring Boot services and AWS managed services such as OpenSearch Serverless, DynamoDB, MSK/Kafka, ElastiCache Redis, and S3.
  • The work spans secure configuration, FIPS-aware service integration, API hardening, rate limiting, audit logging, service-to-service authorization, container hardening, SBOM generation, observability automation, and regionalized testing.
  • We are looking for people who can contribute quickly in an established codebase with limited ramp-up, while collaborating closely with engineering, security, and operations partners.
 
Responsibilities:
  • Implement externalized, environment-driven configuration to support new AWS regions and deployment targets without code changes.
  • Add and validate FIPS-compatible endpoint support across AWS SDK clients and related service integrations.
  • Harden APIs by restricting CORS, adding security headers, and implementing application-level rate limiting and 429 handling.
  • Enhance structured audit logging to support security monitoring, event categorization, and compliance reporting while ensuring log hygiene for PII and secrets.
  • Implement fine-grained service-to-service authorization using OAuth 2.0 and JWT scopes, including configurable policy mapping and clear authorization failure handling.
  • Strengthen container security by hardening Dockerfiles and integrating image scanning and SBOM generation into the CI/CD pipeline.
  • Create repeatable observability assets such as dashboards, alerts, health checks, and SLI/SLO templates for new environment setup.
  • Remove region-specific assumptions from test code and validate application behavior across current and target AWS region configurations.
  • Write and maintain unit, integration, and validation tests for the changes delivered, and support CI/CD and environment validation activities.
  • Partner closely with Client’s engineers to refine implementation details, review code, document technical decisions, and deliver production-quality software.
 
Minimum Qualifications:
  • Bachelor’s degree in Computer Science, Engineering, or a related technical field, or equivalent practical experience.
  • 6+ years of professional software development experience in backend, platform, or cloud engineering roles.
  • Strong hands-on experience with Java and Spring Boot in distributed or cloud-native services.
  • Hands-on experience building and maintaining services on AWS, including use of the AWS SDK and service configuration across multiple environments.
  • Experience implementing security and compliance-related features such as secure configuration, authorization, audit logging, rate limiting, API hardening, or similar controls.
  • Experience with OAuth 2.0, JWT-based authorization, and service-to-service access control patterns.
  • Experience with automated testing, debugging, and working within CI/CD pipelines and containerized delivery workflows.
  • Ability to work effectively in an existing codebase, make pragmatic technical decisions, and deliver well-tested changes with limited hand-holding.
  • Strong written and verbal communication skills and the ability to collaborate across engineering, security, and operations stakeholders.
 
Preferred Qualifications:
  • Experience with FedRAMP, FIPS, NIST SP 800-53, AWS GovCloud, or other regulated cloud and security frameworks.
  • Familiarity with OpenSearch Serverless, DynamoDB, MSK/Kafka, S3, ElastiCache Redis, or similar AWS managed services.
  • Experience with structured JSON logging, Splunk CIM normalization, or security event taxonomy design.
  • Experience with Jenkins, Docker, container scanning tools, and SBOM generation in CycloneDX or SPDX format.
  • Experience creating or automating dashboards, alerts, health checks, or SLI/SLO definitions using tools such as Dynatrace, Grafana, or similar platforms.
  • Experience externalizing configuration for multi-environment or multi-region deployments.
  • Experience working in a hybrid team model with good overlap with Eastern Time.

What Success Looks Like:
  • Security and compliance gaps are closed through maintainable application-level changes rather than one-off workarounds.
  • New AWS region and FedRAMP-related deployment targets can be supported with less manual configuration and less environment-specific code.
  • The service becomes easier to validate, audit, monitor, and operate through better logging, automation, and test coverage.
  • Changes are delivered with strong documentation, clear validation results, and smooth collaboration with the Client’s Search 3.0 team.
 


At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position's starting pay is: $66.77/hr.