Lead Software Engineer
Spectraforce
Richmond Hill, Ontario
a day ago
Job Description
Lead Software Engineer – Cryptographic Systems
Duration: 6 Months
Location: Richmond Hill, ON, Canada (office-based)
Team: Voltage SecureData Engineering
Level: Lead / Senior (typically 8+ years' experience)
About the role
This is a technical leadership role on the team that owns the cryptographic engine at the heart of Voltage SecureData: a cross-platform C/C++ library that delivers data encryption, key management, HSM integration, and payment-terminal security for banks, retailers, and healthcare organisations worldwide.
The product ships on Linux, Windows, macOS, AIX, Solaris, IBM z/OS, and HPE NonStop, with SDK bindings in Java and C#/.NET. The bulk of engineering activity is in the core C/C++ library and the SDK layer; the IBM z/OS port is an active workstream that requires platform depth to support, and HPE NonStop.
This is an engineering-first role. You will write substantial code, not just review it, and you will be as comfortable driving a design review or a customer escalation as you are at a debugger.
What you will do
Technical leadership
• Set coding standards, testing strategy, and code review culture for the engineering team.
• Lead feature design end-to-end: from requirements through API design, implementation, and platform qualification.
• Own the cross-platform build and packaging strategy: CMake, GitLab CI, Jenkins, artifact promotion, and release tooling.
• Drive security scanning, static analysis, dependency management, and vulnerability scanning into the standard CI workflow.
• Make architectural decisions about library boundaries and how compiled interfaces remain stable across releases and platform combinations.
• Mentor mid-level and junior engineers; translate product requirements into clear engineering work items.
• Act as escalation point for customer-facing defects involving cryptographic correctness, HSM integration (nCipher nShield, Atalla, Thales), PKCS#11, or platform authorisation frameworks.
• Collaborate with QA on test coverage and the boundary between unit, integration, and platform qualification testing.
Hands-on engineering
• Implement and review cryptographic functionality in C and C++: symmetric and asymmetric ciphers, key wrapping, message authentication, format-preserving encryption, and TLS/cipher configuration.
• Own the Java SDK layer, which has two distinct areas: components implemented entirely in Java, and components that integrate with the native C library through a cross-language boundary. Both are active, production workstreams.
• Drive the TLS hygiene roadmap: cipher suite ordering, certificate management, FIPS 140 compliance, and post-quantum algorithm readiness.
IBM z/OS
• Own or build deep working knowledge of the IBM z/OS port: IBM xLC/C++ compiler, HLASM assembly interfaces, COBOL callable boundaries, JCL build and SMP/E installation packaging, and a modern VS Code-based developer toolchain.
• Provide coverage alongside the existing z/OS specialist.
• Engage directly with customers' z/OS systems programmers on SAF/RACF/ACF2 integration, TLS configuration, and customer defect resolution.
________________________________________
What we are looking for
Essential
Skill What excellent looks like
C / C++ (expert) Writes portable, maintainable C/C++ across compilers and platforms; teaches others the pitfalls of undefined behaviour and platform-specific assumptions
Operating systems and systems programming Deep understanding of OS concepts across at least two platforms (Linux, Windows, AIX, etc.): memory management, dynamic linking, shared-library design, threading models, and process isolation; can diagnose problems that only manifest under specific OS or runtime conditions
Applied cryptography Practical experience across multiple areas of cryptography, symmetric ciphers, public-key operations, key management, message authentication, TLS/SSL; comfortable working with standards and with problems where no standard exists
Multi-language SDK design Has owned a native interop boundary in production; understands the memory ownership and error-propagation contracts that make cross-language bindings reliable
Build engineering Has maintained a CMake build across multiple platforms and compilers; understands shared-library versioning and how to keep compiled interfaces stable across releases
Java Strong Java development experience; writes production-quality Java independently and understands the JVM well enough to diagnose runtime and interop failures; comfortable in both pure-Java and native-integrated Java codebases
CI/CD ownership Has designed and maintained a multi-stage pipeline from commit to signed artifact
Technical leadership Has led design reviews, enforced review culture, and grown more junior engineers, without becoming a bottleneck
Strongly preferred
• C# / .NET: .NET Standard library design, native interop, NuGet packaging.
• PKCS#11 or HSM SDK (nCipher nShield, Atalla, Thales Luna) at an integration depth beyond "call the API".
• Post-quantum cryptography: ML-KEM, ML-DSA, SLH-DSA, and the NIST PQC standards trajectory.
• Payments industry standards: ISO 8583, EMV, PCI-DSS P2PE, and terminal-to-host key exchange.
IBM z/OS and HPE NonStop
• IBM z/OS: JCL, HLASM, xLC/C++, SMP/E, TSO/ISPF, RACF/ACF2 integration, and the z/Architecture 31-bit/64-bit addressing model. Prior experience is strongly preferred; a strong systems C/C++ background with genuine interest in non-POSIX environments is a viable starting point.
• HPE NonStop: Guardian/OSS shell, TAL or pTAL, C cross-compilation for NonStop targets. Prior experience is an advantage; strong low-level C skills are the baseline requirement.
What we offer in return
• Ownership of a security-critical system used in production by major financial institutions.
• Genuine platform breadth including IBM z/OS and HPE NonStop — environments that are rare in the industry and valuable to know.
• Direct customer engagement on cryptographic and platform integration problems.
• A small, senior-skewed team where technical credibility drives decisions.
About Voltage SecureData
Voltage SecureData is a data-centric encryption platform from client It protects sensitive data, payment card numbers, healthcare records, personal identifiers at rest, in transit, and in use, across on-premises, cloud, and mainframe environments. The engineering team builds and maintains the core cryptographic library, multi-language SDKs, and platform-specific ports that underpin the product.
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 55.00/hr.
Duration: 6 Months
Location: Richmond Hill, ON, Canada (office-based)
Team: Voltage SecureData Engineering
Level: Lead / Senior (typically 8+ years' experience)
About the role
This is a technical leadership role on the team that owns the cryptographic engine at the heart of Voltage SecureData: a cross-platform C/C++ library that delivers data encryption, key management, HSM integration, and payment-terminal security for banks, retailers, and healthcare organisations worldwide.
The product ships on Linux, Windows, macOS, AIX, Solaris, IBM z/OS, and HPE NonStop, with SDK bindings in Java and C#/.NET. The bulk of engineering activity is in the core C/C++ library and the SDK layer; the IBM z/OS port is an active workstream that requires platform depth to support, and HPE NonStop.
This is an engineering-first role. You will write substantial code, not just review it, and you will be as comfortable driving a design review or a customer escalation as you are at a debugger.
What you will do
Technical leadership
• Set coding standards, testing strategy, and code review culture for the engineering team.
• Lead feature design end-to-end: from requirements through API design, implementation, and platform qualification.
• Own the cross-platform build and packaging strategy: CMake, GitLab CI, Jenkins, artifact promotion, and release tooling.
• Drive security scanning, static analysis, dependency management, and vulnerability scanning into the standard CI workflow.
• Make architectural decisions about library boundaries and how compiled interfaces remain stable across releases and platform combinations.
• Mentor mid-level and junior engineers; translate product requirements into clear engineering work items.
• Act as escalation point for customer-facing defects involving cryptographic correctness, HSM integration (nCipher nShield, Atalla, Thales), PKCS#11, or platform authorisation frameworks.
• Collaborate with QA on test coverage and the boundary between unit, integration, and platform qualification testing.
Hands-on engineering
• Implement and review cryptographic functionality in C and C++: symmetric and asymmetric ciphers, key wrapping, message authentication, format-preserving encryption, and TLS/cipher configuration.
• Own the Java SDK layer, which has two distinct areas: components implemented entirely in Java, and components that integrate with the native C library through a cross-language boundary. Both are active, production workstreams.
• Drive the TLS hygiene roadmap: cipher suite ordering, certificate management, FIPS 140 compliance, and post-quantum algorithm readiness.
IBM z/OS
• Own or build deep working knowledge of the IBM z/OS port: IBM xLC/C++ compiler, HLASM assembly interfaces, COBOL callable boundaries, JCL build and SMP/E installation packaging, and a modern VS Code-based developer toolchain.
• Provide coverage alongside the existing z/OS specialist.
• Engage directly with customers' z/OS systems programmers on SAF/RACF/ACF2 integration, TLS configuration, and customer defect resolution.
________________________________________
What we are looking for
Essential
Skill What excellent looks like
C / C++ (expert) Writes portable, maintainable C/C++ across compilers and platforms; teaches others the pitfalls of undefined behaviour and platform-specific assumptions
Operating systems and systems programming Deep understanding of OS concepts across at least two platforms (Linux, Windows, AIX, etc.): memory management, dynamic linking, shared-library design, threading models, and process isolation; can diagnose problems that only manifest under specific OS or runtime conditions
Applied cryptography Practical experience across multiple areas of cryptography, symmetric ciphers, public-key operations, key management, message authentication, TLS/SSL; comfortable working with standards and with problems where no standard exists
Multi-language SDK design Has owned a native interop boundary in production; understands the memory ownership and error-propagation contracts that make cross-language bindings reliable
Build engineering Has maintained a CMake build across multiple platforms and compilers; understands shared-library versioning and how to keep compiled interfaces stable across releases
Java Strong Java development experience; writes production-quality Java independently and understands the JVM well enough to diagnose runtime and interop failures; comfortable in both pure-Java and native-integrated Java codebases
CI/CD ownership Has designed and maintained a multi-stage pipeline from commit to signed artifact
Technical leadership Has led design reviews, enforced review culture, and grown more junior engineers, without becoming a bottleneck
Strongly preferred
• C# / .NET: .NET Standard library design, native interop, NuGet packaging.
• PKCS#11 or HSM SDK (nCipher nShield, Atalla, Thales Luna) at an integration depth beyond "call the API".
• Post-quantum cryptography: ML-KEM, ML-DSA, SLH-DSA, and the NIST PQC standards trajectory.
• Payments industry standards: ISO 8583, EMV, PCI-DSS P2PE, and terminal-to-host key exchange.
IBM z/OS and HPE NonStop
• IBM z/OS: JCL, HLASM, xLC/C++, SMP/E, TSO/ISPF, RACF/ACF2 integration, and the z/Architecture 31-bit/64-bit addressing model. Prior experience is strongly preferred; a strong systems C/C++ background with genuine interest in non-POSIX environments is a viable starting point.
• HPE NonStop: Guardian/OSS shell, TAL or pTAL, C cross-compilation for NonStop targets. Prior experience is an advantage; strong low-level C skills are the baseline requirement.
What we offer in return
• Ownership of a security-critical system used in production by major financial institutions.
• Genuine platform breadth including IBM z/OS and HPE NonStop — environments that are rare in the industry and valuable to know.
• Direct customer engagement on cryptographic and platform integration problems.
• A small, senior-skewed team where technical credibility drives decisions.
About Voltage SecureData
Voltage SecureData is a data-centric encryption platform from client It protects sensitive data, payment card numbers, healthcare records, personal identifiers at rest, in transit, and in use, across on-premises, cloud, and mainframe environments. The engineering team builds and maintains the core cryptographic library, multi-language SDKs, and platform-specific ports that underpin the product.
Applicant Notices & Disclaimers
- For information on benefits, equal opportunity employment, and location-specific applicant notices, click here
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 55.00/hr.