Security Champion - job post

Nexttech International SRL
Cluj-Napoca
Full-time

Job details

Job type

  • Full-time

Location

Cluj-Napoca

Full job description

About Nexttech

Founded in 2015, Nexttech has built a solid foundation in delivering comprehensive IT solutions tailored to meet diverse client needs. With expertise spanning five key industry sectors—Banking, Energy, Telecom, Automotive and E-commerce & Logistics—we provide nearshore and onshore services designed to drive efficiency and support strategic growth.

Our team supports every phase of the Software Development Life Cycle (SDLC), from developing detailed roadmaps and resolving complex software challenges to ensuring quick time-to-market and optimized ROI.


About the Role:

We’re looking for a Security Champion with strong technical roots in Java ecosystems (Spring Boot, Maven, Gradle) and a passion for integrating security seamlessly into development workflows.

In this role, you’ll be responsible for integrating and monitoring security tools in our CI/CD pipelines (such as Nexus IQ, Fortify, and SonarQube security reports), assessing risks, supporting development teams in resolving vulnerabilities, and driving security best practices across our codebase and third-party dependencies.

This is not a pure AppSec role — we’re looking for someone who thinks like an engineer but advocates like a security pro.


Key responsibilities

  • Integrate and maintain security tools in CI/CD pipelines (e.g., Nexus IQ, Fortify, SonarQube security rules).
  • Assess and prioritize vulnerabilities found during scans and reports.
  • Work closely with engineering teams to negotiate, plan, and follow up on remediation strategies.
  • Define and evolve coding standards related to security, including 3rd-party library policies.
  • Provide risk assessments for unresolved or postponed issues, escalating as necessary.
  • Maintain long-term visibility and reporting of security issues and resolution progress.
  • Support defining and tracking secure coding KPIs.
  • Be a bridge between security and engineering, promoting a “security as code” culture.
  • Stay updated on Java and web security trends, and help evolve the internal practices accordingly.


Must-Have Skills & Experience

  • Solid experience as a developer or in a technical security role, ideally with Java / Spring Boot projects.
  • Strong knowledge of build systems and dependency management: Maven, Gradle.
  • Experience with integrating security tools in CI/CD pipelines (e.g., Jenkins, GitLab CI).
  • Familiarity with code scanning tools (Fortify, SonarQube) and dependency scanning (Nexus IQ or similar).
  • Understanding of OWASP Top 10, SAST/DAST concepts, CVSS scoring, and remediation strategies.
  • Comfortable working cross-functionally — with developers, architects, and security teams.
  • Fluent in risk-based thinking: you know when to escalate and when to empower.


Nice to Have

  • Exposure to Kubernetes, containers, or cloud-native security concepts.
  • Experience in agile development environments and DevSecOps practices.
  • Background in threat modeling or secure design reviews.


What We Offer

  • The chance to influence security tooling, practices, and culture from within the delivery lifecycle.
  • Autonomy and visibility working closely with both the security and engineering leadership.
  • Competitive compensation and career growth in a high-impact role.
