We are looking for a seasoned engineering leader to build and grow the Qualia Security team. The Security team is responsible for application threat modeling, design and oversight of secure development practices, development of tooling for exploit prevention and intrusion detection, and educating the engineering organization on security best practices.

Security engineers need to have broad and deep technical knowledge. Security cannot be reduced down to a static bag of tricks. It requires sophisticated knowledge of how all software works and mature mental models of how to reason about the security of complex systems. Security engineers already possess the knowledge and mental models necessary to be successful in their role and are constantly working to improve them.

Your Day to Day / Things You May Work On

• Proactively and iteratively identify possible risks and threats
• Architect secure-by-default frameworks and infrastructure, ensuring the easy path is also the secure path
• Influence and align the organization’s vision and strategy, while engaging your team to develop and deliver specific, multi-quarter roadmaps, programs, and projects
• Help shape the security roadmap at both a strategic and tactical level
• Identify security flaws in products, features and processes through design reviews, code reviews, active penetration testing, and the establishment of practical security baselines
• Develop tools to prevent, detect, investigate, and respond to security threats
• Educate the engineering organization on security best practices by providing training and acting as a subject matter expert and mentor

The Experience We Are Looking For

• Bachelor’s Degree in Computer Science or in a relevant field of study (or equivalent experience)
• 5+ years of professional software engineering experience
• Broad knowledge across the Security domain
• Development experience in Node.js, C#, Ruby, and/or Go
• Hands-on working experience with
• Penetration testing tools (e.g. Burp Suite, Nessus, Metasploit, or similar)
• DevOps (e.g. Kubernetes, AWS, Docker, monitoring tools, networking, git, etc.)
• A talent for communicating complex ideas in an easily-understandable way
• A plus for having a background in intrusion detection, security investigations and incident response