Java Backend Engineer
Role Summary
We’re looking for a hands-on Java backend engineer to design, build, and operate services that enable network-tokenized payments across Mastercard ecosystems: Click to Pay (SRC), Apple Pay, Google Pay, and Samsung Pay.
You’ll integrate with Mastercard (MPGS/MDES), implement secure token lifecycle flows, and deliver high-availability APIs with strong security and compliance (PCI DSS).
Key Responsibilities
Design and develop backend services/APIs in Java (Spring Boot) for:
Mastercard Click to Pay (SRC 2.X) enrollment, profile, cryptograms, and checkout orchestration.
Wallet token flows for Apple Pay / Google Pay / Samsung Pay (tokenization, provisioning, PAN/D-PAN handling via MDES, cryptogram verification, payment token decryption/validation paths, when applicable).
MPGS authorization/capture/refund/void flows and webhook/callback handlers.
Implement network token lifecycle: provisioning, suspension, resume, PAN mapping, detokenization (where applicable) and card-on-file updates.
Build merchant validation / domain association flows (e.g., Apple merchant validation, GPay gateway params), and manage SRC profiles.
Implement robust security: JWE/JWS, JWT signing, HSM/TR-31 usage (or KMS alternatives), mTLS, key rotation, and secrets management.
Ensure PCI DSS compliant logging, data minimization, and tokenized storage.
Optimize service performance & scalability (caching, connection pools, async processing, idempotency keys, outbox pattern, retries, circuit breakers).
Create CI/CD pipelines (GitLab + ArgoCD), IaC templates, and production run-books.
Observability: structured logging, distributed tracing, metrics, dashboards, and alerts (SLOs/SLAs).
Partner with frontend/mobile teams for Click to Pay UX and wallet checkout payload exchange contracts.
Produce technical docs (API specs, sequence diagrams) and support audits/certifications.
Must-Have Skills
Java 17+, Spring Boot, REST/gRPC, Gradle/Maven.
Deep knowledge of payments: authorization flows, cryptograms (3DS2/CAVV/ECI), tokenization, PAN/D-PAN mapping, BIN ranges, merchant/acquirer concepts.
Experience with Mastercard integrations (e.g., MPGS, MDES or issuer/acquirer rails).
Practical know-how of Apple Pay / Google Pay / Samsung Pay server-side flows:
Merchant validation (Apple) and payment token processing patterns.
Google Pay/Samsung Pay gateway processing and payload verification.
SRC (Click to Pay) concepts: SRCI, profiles, identity, EMVCo specs (high level).
Security/crypto: JWE/JWS, JWT, mTLS, certificate pinning, KMS/HSM concepts, nonce/IV handling.
Data stores: MySQL/PostgreSQL, schema design, indexes, query performance tuning.
Messaging & patterns: Outbox, Idempotency, Retry/Backoff, Circuit Breaker.
Cloud & containers: Docker, Kubernetes/GKE, GitLab CI, ArgoCD.
Observability: OpenTelemetry, Prometheus/Grafana, log aggregation.
Strong understanding of PCI DSS controls relevant to application development.
Nice-to-Have
Kotlin experience; familiarity with Go for perf-critical services.
NATS/RabbitMQ/Kafka for async flows.
Experience with MPGS features (3DS server integration, session IDs, token vaults).
Knowledge of 3DS 2.2, SCA, risk-based authentication, and dispute flows.
GCP stack: GKE Autopilot, Cloud SQL, Secret Manager, Cloud Armor, Pub/Sub.
Caching: Redis.
API gateways: Kong/Apigee.