Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Prevent issues from becoming incidents.
As a Lead Software Security Engineer, focusing on Web development, you will be part of a motivated security engineering team responsible for ensuring that Qualys products are built to the highest levels of security and trust. This is a senior role for developers with a passion for security who can build trustworthy and scalable software.
About Product Security at Qualys
The Product Security team operates differently. Our mission is to enable continuous improvement across the lifecycle of our product portfolio, so that Qualys can ensure the highest standards of verifiable security, trust, and compliance. Our function is to build a secure SDLC, uphold quality management objectives, and ensure predictable outcomes for customers, our company, and attackers. We find and resolve problems early, working in-line with development. This allows us to reduce friction, increase release velocity, all while keeping security front of mind and at your fingertips.
Responsibilities
- Collaborate on the development of Qualys' unparalleled platform by creating secure-by-default middleware, end-point components, and building tools for our team to succeed in helping others.
- Build high quality software adhering to secure architecture and design principles, ensuring that developers across Qualys can easily use your trustworthy and rugged work.
- Engineer trustworthy libraries, APIs, and microservices that deliver security improvements for a platform that processes over a hundred million transactions and terabytes of data daily.
- Aid in incorporating security into software designs as a first-class goal.
Qualifications
- Exceptional Java and frameworks experience like Spring Boot and Struts, Object Relationship Mapping (Hibernate), Object Oriented Programming principles.
- Good understanding of security development lifecycle principles, data structures and algorithms, application design, exposure to thick and thin (web) client development architecture.
- Proficiency in constructing scalable SaaS platforms utilizing microservices and distributed systems architecture.
- Expertise in RDBMS systems (preferably Oracle) and experience with NoSQL databases (preferably Cassandra).
- Skilled in the development and design of RESTful APIs for underlying microservices.
- Expertise in building business process automation, helping our company make informed decisions with security data and guardrails.
- Effective understanding of Hashing, Authentication, Symmetric Encryption, Asymmetric Encryption, Digital Signatures, and PKI.
- Knowledge of static code analysis tools and basic operations.
Bonus Points
- Secret pen tester or bug bounty champ.
- Passion for Test Driven Development, DevSecOps.
- Expertise in Identity Access Management (RBAC, OpenID Connect, OAuth 2.0), Encryption, privilege management.
