Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Lead Software Engineer (CLM / Machine & AI Identity)
Qualys is looking for a hands-on Lead Software Engineer to help evolve CertView CLM into a unified machine, workload, and AI-agent identity platform. You will lead design and delivery of scalable cloud-security services handling 100M+ transactions and terabytes of data daily, with focus areas including SPIFFE/SPIRE, ephemeral certificates, Kubernetes/service-mesh identity, managed cloud identities, and AI-agent governance.
What You’ll Do
- Lead architecture and development of next-generation CLM platform components
- Build high-scale identity ingestion and processing pipelines for short-lived credentials and workload identities.
- Drive roadmap delivery across ACME v2, SPIFFE/SPIRE integration, Kubernetes/service-mesh discovery.
- Collaborate with Product, SRE, Security, VMDR, and TotalCloud teams to ship resilient, production-ready features.
- Mentor engineers on design, performance, distributed systems, and secure coding for PKI/identity systems.
Core Qualifications
- 8+ years of hands-on SaaS engineering experience in cloud environments.
- Strong Java/Spring Boot expertise; solid fundamentals in distributed systems and scalable API design.
- Experience with event-driven systems (Kafka/JMS), caching (Redis/Memcached), and RDBMS (Oracle preferred).
- Familiarity with Docker, Kubernetes, Jenkins, and CI/CD.
- Bachelor’s degree or higher in Computer Science (or related field).
Strongly Preferred Domain Experience (Any 2+)
- PKI/CLM (X.509, CSR workflows, CA integrations, CRL/OCSP, HSM-backed signing)
- ACME v2 / cert-manager
- SPIFFE/SPIRE and workload identity models
- Cloud managed identity (AWS/Azure/GCP) and OIDC federation
- Service mesh & mTLS
- Kubernetes controllers/operators and CRDs
- NHI and AI-agent security concepts and platforms
Nice to Have
- Post-quantum migration exposure
- CNCF/IETF contributions (SPIRE, cert-manager, OPA, WIMSE/ACME)
- Go or Rust experience for collectors/plugins/sidecars