Build secure, scalable backend solutions that protect the world's leading financial institutions.
The Role
Capco is looking for an experienced Backend Developer with strong Java and Spring expertise who has delivered secure backend applications and worked on security vulnerability remediation initiatives. You'll play a key role in designing, developing, and strengthening enterprise backend platforms, ensuring security is embedded throughout the software development lifecycle.
Working alongside talented engineers, architects, and security specialists, you'll help deliver resilient, high-performing applications that safeguard sensitive customer and financial data while supporting large-scale digital transformation programmes.
What You'll Do
- Design, develop, and maintain secure backend applications using Java, Spring Boot, and modern microservices architecture.
- Identify, remediate, and prevent security vulnerabilities including SQL Injection, CSRF, XSS, insecure secrets management, and exposure of sensitive information.
- Build and secure REST APIs using authentication, authorization, encryption, and industry-standard security controls.
- Partner with engineering, architecture, and cybersecurity teams to improve backend architecture, security posture, and application resilience.
- Champion secure coding practices, code reviews, and continuous improvement across the software development lifecycle.
What We're Looking For
- Strong commercial experience developing backend applications using Java, Spring Boot, and RESTful APIs.
- Experience working on application security initiatives, vulnerability remediation projects, or secure software development within enterprise environments.
- Strong understanding of backend security fundamentals including authentication vs. authorization, CSRF protection, SQL injection prevention, secure secrets management, XSS mitigation, and protection of personally identifiable information (PII).
- Experience designing or supporting secure microservices architectures, including secure service-to-service communication and API security.
- Strong communication and collaboration skills with the ability to work effectively across multidisciplinary engineering teams.
Bonus Points For
- Experience working within financial services or other highly regulated industries.
- Knowledge of OAuth2, OpenID Connect, JWT, TLS, mTLS, or API gateway security.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud and their security services.
- Familiarity with DevSecOps practices, CI/CD security scanning, and automated vulnerability management.
- Security-related certifications such as CSSLP, Security+, AWS Security Specialty, or similar.
Pay Transparency
The salary range for this position is listed below. Additionally, this position may also be eligible to receive an annual discretionary/variable bonus payment.
Capco is committed to providing fair and equitable compensation to our people. Our compensation policies and salary ranges are designed to allow our people to progress through the salary range as they demonstrate strong performance and develop in their role over time. The base pay offered to selected candidates will be within the salary range and the placement will vary based upon a variety of factors, including, but not limited to job-related knowledge, skills, experience and internal equity.
Similar Jobs at Capco
What you need to know about the San Francisco Tech Scene
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine

