Lead Software Engineer, Web Development

As a Lead Software Security Engineer specializing in Web development at Qualys, you will join a dedicated security engineering team committed to ensuring the highest levels of security and trust in Qualys products. This senior role is ideal for developers who are passionate about security and adept at creating reliable and scalable software. The Product Security team at Qualys operates uniquely, with a mission to drive continuous improvement throughout the product portfolio's lifecycle. Our goal is to uphold the highest standards of verifiable security, trust, and compliance. We focus on establishing a secure Software Development Life Cycle (SDLC), maintaining quality management objectives, and delivering predictable outcomes for our customers, company, and potential attackers. By identifying and resolving issues early in the development process, we streamline operations, enhance release velocity, and prioritize security at every stage. Your responsibilities will include collaborating on the development of Qualys" cutting-edge platform, crafting secure middleware and end-point components, and creating tools to support the team in assisting others effectively. You will design high-quality software following secure architecture and design principles, ensuring that developers throughout Qualys can seamlessly integrate your reliable and robust work. Additionally, you will engineer dependable libraries, APIs, and microservices that enhance security for a platform handling millions of transactions and terabytes of data daily. Your role will also involve integrating security into software designs as a primary objective. To excel in this position, you should possess exceptional Java skills and experience with frameworks such as Spring Boot and Struts, as well as Object Relationship Mapping (Hibernate) and Object-Oriented Programming principles. A solid understanding of security development lifecycle principles, data structures, algorithms, application design, and web client development architecture is essential. Proficiency in developing scalable SaaS platforms using microservices and distributed systems architecture is crucial, along with expertise in RDBMS systems (preferably Oracle) and NoSQL databases (preferably Cassandra). You should be skilled in constructing RESTful APIs for microservices and adept at business process automation to facilitate informed decision-making based on security data. Additional qualifications that would be beneficial include experience as a secret pen tester or bug bounty champion, a passion for Test Driven Development and DevSecOps, and expertise in Identity Access Management (RBAC, OpenID Connect, OAuth 2.0), encryption, and privilege management. A strong understanding of Hashing, Authentication, Symmetric Encryption, Asymmetric Encryption, Digital Signatures, and PKI, as well as familiarity with static code analysis tools and basic operations, is also advantageous.,