Job Title: Lead Software Engineer
Job ID: EN_083
Start Date Asap
Duration: 6 months contract
LocationOnsite - Richmond Hill, ON
Top Skills :
- Writes portable, maintainable C/C++ across compilers and platforms
- Deep working knowledge of the IBM z/OS: IBM xLC/C++ compiler, HLASM assembly interfaces, COBOL callable boundaries, JCL build and SMP/E installation packaging, and a modern VS Code-based developer toolchain.
- Engage directly with customers' z/OS systems programmers on SAF/RACF/ACF2 integration, TLS configuration, and customer defect resolution.
Job Description:
Lead Software Engineer – Cryptographic Systems
Team: Voltage SecureData Engineering
Level: Lead / Senior (typically 8+ years' experience)
Location: Richmond Hill, ON, Canada (office-based)
About the role
This is a technical leadership role on the team that owns the cryptographic engine at the heart of Voltage SecureData: a cross-platform C/C++ library that delivers data encryption, key management, HSM integration, and payment-terminal security for banks, retailers, and healthcare organisations worldwide.
The product ships on Linux, Windows, macOS, AIX, Solaris, IBM z/OS, and HPE NonStop, with SDK bindings in Java and C#/.NET. The bulk of engineering activity is in the core C/C++ library and the SDK layer; the IBM z/OS port is an active workstream that requires platform depth to support, and HPE NonStop.
This is an engineering-first role. You will write substantial code, not just review it, and you will be as comfortable driving a design review or a customer escalation as you are at a debugger.
What you will do
Technical leadership
- Set coding standards, testing strategy, and code review culture for the engineering team.
- Lead feature design end-to-end: from requirements through API design, implementation, and platform qualification.
- Own the cross-platform build and packaging strategy: CMake, GitLab CI, Jenkins, artifact promotion, and release tooling.
- Drive security scanning, static analysis, dependency management, and vulnerability scanning into the standard CI workflow.
- Make architectural decisions about library boundaries and how compiled interfaces remain stable across releases and platform combinations.
- Mentor mid-level and junior engineers; translate product requirements into clear engineering work items.
- Act as escalation point for customer-facing defects involving cryptographic correctness, HSM integration (nCipher nShield, Atalla, Thales), PKCS#11, or platform authorisation frameworks.
- Collaborate with QA on test coverage and the boundary between unit, integration, and platform qualification testing.
Hands-on engineering
- Implement and review cryptographic functionality in C and C++: symmetric and asymmetric ciphers, key wrapping, message authentication, format-preserving encryption, and TLS/cipher configuration.
- Own the Java SDK layer, which has two distinct areas: components implemented entirely in Java, and components that integrate with the native C library through a cross-language boundary. Both are active, production workstreams.
- Drive the TLS hygiene roadmap: cipher suite ordering, certificate management, FIPS 140 compliance, and post-quantum algorithm readiness.
IBM z/OS
- Own or build deep working knowledge of the IBM z/OS port: IBM xLC/C++ compiler, HLASM assembly interfaces, COBOL callable boundaries, JCL build and SMP/E installation packaging, and a modern VS Code-based developer toolchain.
- Provide coverage alongside the existing z/OS specialist.
- Engage directly with customers' z/OS systems programmers on SAF/RACF/ACF2 integration, TLS configuration, and customer defect resolution.
What we are looking for:
Essential
Skill
What excellent looks like
C / C++ (expert)
Writes portable, maintainable C/C++ across compilers and platforms; teaches others the pitfalls of undefined behaviour and platform-specific assumptions
Operating systems and systems programming
Deep understanding of OS concepts across at least two platforms (Linux, Windows, AIX, etc.): memory management, dynamic linking, shared-library design, threading models, and process isolation; can diagnose problems that only manifest under specific OS or runtime conditions
Applied cryptography
Practical experience across multiple areas of cryptography, symmetric ciphers, public-key operations, key management, message authentication, TLS/SSL; comfortable working with standards and with problems where no standard exists
Multi-language SDK design
Has owned a native interop boundary in production; understands the memory ownership and error-propagation contracts that make cross-language bindings reliable
Build engineering
Has maintained a CMake build across multiple platforms and compilers; understands shared-library versioning and how to keep compiled interfaces stable across releases
Java
Strong Java development experience; writes production-quality Java independently and understands the JVM well enough to diagnose runtime and interop failures; comfortable in both pure-Java and native-integrated Java codebases
CI/CD ownership
Has designed and maintained a multi-stage pipeline from commit to signed artifact
Technical leadership
Has led design reviews, enforced review culture, and grown more junior engineers, without becoming a bottleneck
Strongly preferred
- C# / .NET: .NET Standard library design, native interop, NuGet packaging.
- PKCS#11 or HSM SDK (nCipher nShield, Atalla, Thales Luna) at an integration depth beyond "call the API".
- Post-quantum cryptography: ML-KEM, ML-DSA, SLH-DSA, and the NIST PQC standards trajectory.
- Payments industry standards: ISO 8583, EMV, PCI-DSS P2PE, and terminal-to-host key exchange.
IBM z/OS and HPE NonStop
- IBM z/OS: JCL, HLASM, xLC/C++, SMP/E, TSO/ISPF, RACF/ACF2 integration, and the z/Architecture 31-bit/64-bit addressing model. Prior experience is strongly preferred; a strong systems C/C++ background with genuine interest in non-POSIX environments is a viable starting point.
- HPE NonStop: Guardian/OSS shell, TAL or pTAL, C cross-compilation for NonStop targets. Prior experience is an advantage; strong low-level C skills are the baseline requirement.