At Qualia, we’ve built a new class of real estate technology that simplifies home buying and selling into an easy, understandable, and secure process. Our products bring together users from across the real estate ecosystem—homebuyers and sellers, lenders, title and escrow agents, and real estate agents—onto a single shared platform, providing greater clarity and transparency to real estate transactions. Today, millions of consumers use Qualia to close on homes every year.
Our security team is responsible for ensuring the security of both our technology and our organization as a whole. The team is responsible for application threat modeling, active penetration testing, design and oversight of secure development practices, development of tooling for exploit prevention and intrusion detection, and educating the organization on security best practices.
We take security extremely seriously and do not drag our metaphorical feet on it. Yes, sometimes taking proper security measures can seem onerous or paranoid. But we've got our priorities straight.
As a senior security engineer, you will both directly work on object-level security challenges and also help create meta-level security principles to guide the organization as a whole. You are expected to have “been around the block” but to also keep up-to-date on novel developments in the security industry. You will be a mentor to engineers across the entire team.
Senior security engineers need to have broad and deep technical knowledge. Security cannot be reduced down to a static bag of tricks. It requires sophisticated knowledge of how all software works and mature mental models of how to reason about the security of complex systems. Senior security engineers already possess the knowledge and mental models necessary to be successful in their role and are constantly working to improve them.
Your Day to Day / Things You May Work On
- Architect secure-by-default frameworks and infrastructure, ensuring the easy path is also the secure path
- Help shape the security roadmap at both a strategic and tactical level
- Identify security flaws in technologies and processes through design reviews, code reviews, active penetration testing, and the establishment of practical security baselines
- Develop and operate tools to prevent, detect, investigate, and respond to security threats
- Reproduce vulnerability findings from multiple sources—including penetration tests, tooling, and external reports—and communicate the risk associated with those findings to the business
- Educate the company on security best practices by providing training and acting as a subject matter expert and mentor
The Experience We Are Looking For
- A strong interest in security and a curiosity for how things work
- Bachelor’s Degree in Computer Science or in a relevant field of study (or equivalent experience)
- 5+ years of professional software engineering experience
- 3+ years of professional software security experience
- Development experience in Node.js, C#, Ruby, and/or Go
- Hands-on working experience with
- Penetration testing tools (e.g. Burp Suite, Nessus, Metasploit, or similar)
- DevOps (e.g. Kubernetes, AWS, Docker, monitoring tools, networking, git, etc.)
- A talent for communicating complex ideas in an easily-understandable way
- Our flat company structure empowers engineers to make product decisions
- We have a collaborative culture where engineers mentor each other
- Our team members take time to eat together and share conversation at our daily catered lunches
- We have fantastic locations in San Francisco, Austin, and Boulder.
- We offer generous compensation and benefits packages including medical, vision, and dental insurance and a flexible PTO policy,
About our Engineering Team
- Our engineering team demonstrates and values technical thought leadership.
- Qualia's Head of Design, Jack Lukic, is the creator of Semantic UI, one of the most popular open-source design frameworks. Qualia engineers learn this framework, and design patterns more generally, directly from the creator of the framework our front end is built on! Very few companies can say that.
- As part of our focus on continual learning and development, a Qualia team member gives an educational talk on something they're interested in every Thursday to the entire engineering and product team. Topics range from Kolmogorov complexity theory to the definition of art, to models of existential risk.