• Partner with engineering teams to build secure software • Help developers write secure code and resolve false positives • Conduct Secure by Design reviews for applications • Lead threat modeling workshops and document risk mitigations • Advise on security of CI/CD practices and third-party dependencies • Collaborate to integrate security controls into workflows • Provide security architecture guidance for AI/ML applications

At Qualia, we've built the leading B2B real estate technology that transforms the home buying and selling experience into a simple, secure, and enjoyable process. Our SMB and Enterprise products bring together users from across the real estate ecosystem---homebuyers and sellers, lenders, title and escrow agents, and real estate agents---onto a single shared digital closing platform, providing greater clarity and transparency to real estate transactions. Today, through our business customers across the country, millions of consumers use Qualia to close on homes every year. WHAT YOU'LL WORK ON Because purchasing a home is often the largest financial transaction of our users' lives, the stakes for getting security right are real. Our Information Security team doesn't rely on assumptions—we identify where they've been made, assess the risk, and communicate it clearly to the business. We define what "normal" looks like across our products, customers, employees, and assets, and we own the detection and response when something deviates from that baseline. As a Senior Information Security Engineer, you'll operate at the intersection of technical depth and business impact. You bring hard-won experience and sharp instincts, but you stay genuinely curious about what's new in the threat landscape. Whether you're writing policy, building detection logic, or shipping code, you'll have real autonomy to make pragmatic decisions that protect the company without standing in the way of its growth. Security at Qualia isn't siloed—it touches every team and every product. That means you'll need to be as comfortable talking to an engineer about a misconfiguration as you are briefing a business leader on risk. A growth mindset isn't optional here; as the threats we face become more numerous and sophisticated, so must we. RESPONSIBILITIES - Partner with stakeholders across the business to identify gaps and strengthen Qualia's security posture - Uncover security weaknesses in technologies and processes through threat modeling, security assessments, and the development of practical security baselines - Build and operate tooling across the full security lifecycle: prevention, detection, investigation, and response - Evaluate the security posture of cloud environments, including reviewing configurations, monitoring for drift, and ensuring alignment with organizational security baselines - Serve as a point of escalation for customer-reported security concerns, triaging issues, communicating clearly with affected parties, and driving issues to resolution - Triage and reproduce vulnerability findings from penetration tests, internal tooling, and external reports—and communicate associated risk clearly to the right audiences - Scale security impact through automation and education, making the whole organization more security-aware YOUR BACKGROUND THAT LIKELY MAKES YOU A MATCH - 4+ years of professional information security experience, with both a strong defensive foundation and familiarity with offensive techniques - Genuine curiosity about how systems work and how they break - The ability to write code—whether it's a quick automation script or a more substantial detection tool - Hands-on experience with: - Security operations tooling (e.g., SIEMs, IDS/IPS, WAFs, log monitoring platforms) - Core IT domains, including endpoint management, networking, web applications, and cloud infrastructure - Identity and access management concepts (e.g., SSO, MFA, role-based access controls) - Navigating the security implications of emerging technologies—including AI and large language models—as the company evaluates and adopts new tools - Security automation and orchestration: experience connecting tools, writing integrations, or building workflows that reduce response times and manual effort - Penetration testing tools (e.g., Nmap, Nessus, Metasploit, Burp Suite, or similar) - The ability to translate complex security concepts into clear, actionable language for technical and non-technical audiences alike - Bachelor's degree in a relevant field, or equivalent practical experience - Information Security or IT certifications are a plus - Nice to have - Experience with or exposure to compliance frameworks (e.g., SOC 2, ISO 27001, or similar) - Information Security Certificates (e.g., CISSP, GIAC, or similar) This role has a base annual salary of $180,000-$200,000 plus a competitive equity and benefits package. (Salary to be determined by relevant experience, location, knowledge, and skills of the applicant, internal equity, and alignment with market data.) WHY QUALIA Qualia is made up of incredibly bright, mission-driven coworkers who are passionate about using technology to solve real-world problems---and we're growing quickly. In order to continue building an engaging and dynamic organization, we're committed to giving everyone the support they need to do great work. Our benefits package is designed to allow our team members to be their best selves, both in and out of the workplace. In addition to comprehensive health plans, a 401k program, and commuter benefits, we prioritize family and personal well-being through professional development, parental leave, and a flexible time off policy. Qualia offers a robust online onboarding program to train new hires, biweekly all hands meetings, and a variety of internal virtual events to keep employees connected. We believe diverse perspectives and backgrounds are critical to building great technology, and our goal is to cultivate an environment where people feel equally valued and respected. Qualia is proud to be an equal-opportunity workplace, and we welcome applicants from all backgrounds regardless of race, color, ancestry, religion, gender identity or expression, sexual orientation, marital status, age, citizenship, socioeconomic status, disability, or veteran status. By submitting your application, you acknowledge and agree to the collection, processing, and use of your personal information as described in our Employee Data Privacy Notice. #LI-Remote

Role Description We’re looking for a GenAI Practice Lead — someone with strong organizational skills and sharp business thinking who will own the GenAI practice end-to-end: internal adoption, client offerings, and partnerships. Your job is to make sure GenAI creates real value, not just buzz, for our clients, partners, and our own teams. - Coordinate GenAI solution proposals for new clients (enterprise and startups) — work with technical teams and Sales/BD to shape offerings that land. - Spot and package GenAI value opportunities within existing accounts — identify where GenAI solves real problems, build the business case, and drive it forward. - Coordinate AI adoption within TechMagic — drive tooling rollouts (Cursor, Claude Code, Copilot, etc.), track usage and impact, and ensure our engineering teams get real productivity gains from GenAI. - Manage AI partnerships — identify, onboard, and coordinate external AI partnerships. - Co-drive the GenAI Value Lab (CoE) priorities — help decide where the lab focuses its time, budget, and tools based on market demand and client needs. - Keep a clear GenAI opportunity pipeline and prepare concise updates for Delivery, Sales, and leadership on what’s working and where momentum is at risk. Qualifications - Strong familiarity with GenAI — tools, use cases, market landscape, and how GenAI applies to real software delivery and business problems. - Background in Product/Project Management, Business Analysis, Competence/Practice Management, or similar roles with strong cross-functional exposure. - Experience in IT services / outsourcing / consulting — you understand how delivery works and how deals get built. - Excellent organizational skills and follow-through — structured, doesn’t drop threads, can manage multiple moving parts across accounts and partners. - Strong business sense — can evaluate whether a GenAI idea is real value or noise; understands upsell, cross-sell, and partnership economics. - Curiosity and adaptability — GenAI moves fast; you thrive in a rapidly changing environment, learn quickly, and adjust your approach as the landscape evolves. - Comfortable communicating with Delivery Directors, architects, Sales/CE, and external partners at all levels. - Able to travel abroad for business purposes. Benefits - You own the GenAI practice — clients, partners, internal adoption. - You work across many accounts and partnerships, not stuck in one project. - You shape how TechMagic positions GenAI in the market and where we invest next. - Opportunity to work with international clients. - Work from anywhere (fully remotely or in our office). - Paid vacations and sick-leaves, additional days-off, relocation bonus. - Wellness: Medical insurance/ sport compensation/ health check-up+flu vaccination at your choice. - Education: regular tech-talks, educational courses, paid certifications, English classes. - Fun: own football team, budget for team-lunches, branded gifts. - One of the best IT employers in Lviv (or IT service companies in Ukraine) based on DOU rating. Interview Stages - Screening Interview with Recruiter. - Interview with CTO. Recruiter Anastasiya Matveyeva

• Define and evolve security architecture in cloud environments (multi-cloud or hybrid). • Design secure solutions on providers such as AWS, Azure and/or Google Cloud Platform (GCP). • Establish security standards, frameworks and best practices (IAM, encryption, network segmentation, etc.). • Support engineering and development teams in implementing secure solutions (DevSecOps). • Conduct risk assessments, threat modeling and architecture reviews. • Ensure compliance with standards and frameworks (ISO 27001, NIST, CIS, LGPD, among others). • Define and oversee identity and access management strategies (IAM, PAM, SSO, MFA). • Implement and oversee controls such as WAF, CASB, SIEM, EDR/XDR and CSPM. • Support internal and external audits related to information security.