Chief Software Engineer Architect

About The Position

Requirements

• 15+ years of professional software engineering experience, with at least the last 5 in the most senior IC technical role at your organization (Chief Architect, Distinguished Engineer, Technical Fellow, Principal Architect, or equivalent)
• Demonstrated hands-on coding at the most senior level—you have shipped production code in a Chief Architect or Distinguished Engineer role, not just approved designs. Expect to discuss specific systems you personally built and projects you personally de-risked through experimental development
• Deep expertise in Java and JVM languages (required) plus at least two of TypeScript/Node.js, Golang, or Rust, with demonstrated ability to move fluently between them
• Deep experience building security products—data security, tokenization, encryption, key management, DLP, CASB, EDR, or equivalent. You are a strong applier of cryptography: you know which primitives, libraries, and patterns to use, have designed systems around key hierarchies and HSMs, and have shipped systems under PCI-DSS, SOC 2, or equivalent regulatory scrutiny. You do not need to be a cryptographer, but you must know how to build secure systems with crypto correctly
• Firsthand experience applying AI/ML to security problems in production—not AI-adjacent, not exploratory. You have designed and shipped at least one of: ML-based classification/detection, LLM-based analyst augmentation, agentic security automation, or adversarial ML defense. You have clear opinions on the current state of AI in the security product landscape and where it is going
• Proven ability to lead Principal and Distinguished Engineers through technical credibility rather than authority—RFCs, design reviews, exemplar code, and technical vision documents
• Comfort leading a small group of senior ICs as a technical lead in a shared-management model—light people-management load, high technical-leadership load
• Deep experience designing and operating distributed systems at production scale—resilience, observability, performance, multi-region, cost—including at least one major cloud provider at depth and working command of the others
• Track record of de-risking the hardest projects through applied research, prototyping, and experimental development
• Strong grasp of networking fundamentals (HTTP/S, TLS, SSH, DNS, TCP/IP), Linux systems, and how they compose in distributed systems
• Deliberate, quality-driven use of agentic AI coding tools (Claude Code, Copilot, Cursor, open-source agents) as an engineering force multiplier—with rigorous review, testing, and validation of all AI-generated code before production
• Comfort working in a hybrid environment (Mississauga office, 4 days/week)

Nice To Haves

• Experience as a technical founder or early technical leader at a security scale-up
• Experience with format-preserving encryption (FPE), tokenization vaults, and vaultless tokenization architectures as a consumer/integrator
• Contributions to open-source in security, data platforms, or AI
• Experience designing agentic AI systems in adversarial settings—tool use, multi-agent coordination, human-in-the-loop gating, prompt injection hardening
• Deep experience with event-driven architectures (Kafka, NATS) at scale
• Familiarity with MITRE ATLAS, NIST AI RMF, OWASP LLM/ML Top 10, and how they apply to security product architecture
• Public technical presence—conference talks, published papers, standards work, or technical writing that has influenced the field
• Familiarity with configuration-as-code systems (we use Groovy) and infrastructure-as-code at depth
• Cross-paradigm performance analysis experience (VisualVM/JProfiler, pprof, Chrome DevTools/V8 Profiler)—you can profile and fix the hardest production performance problems yourself

Responsibilities

• Own the multi-year technical roadmap and architecture vision for the DataStealth DSP across discovery, classification, tokenization, encryption, and key management
• Define and evolve engineering standards, platform RFCs, technology selection, and "paved paths" that Principal and Distinguished Engineers build on
• Partner with the CTO, product, and security leadership on build-vs-buy, platform bets, and competitive technical strategy
• Represent DataStealth's architecture externally to enterprise customers, design partners, auditors (PCI-DSS, SOC 2), and the broader security community
• Write production code in the hardest, highest-risk subsystems—tokenization engine internals, high-throughput data-path services, security-critical platform components, and cross-cutting platform libraries
• Lead applied research and experimental development to de-risk the most ambitious projects: timeboxed prototypes, spikes, and reference implementations that the broader team then productionizes
• Set the quality bar through exemplar code, design reviews, and technical mentorship of Principal and Distinguished Engineers
• Work across the stack using the right language for the job: Java (primary), TypeScript/Node.js, Golang, and Rust
• Own end-to-end security architecture for the platform: threat models, trust boundaries, applied cryptographic design, key hierarchies, HSM integration, and compliance boundaries for PCI-DSS, SOC 2, GDPR, and related frameworks
• Apply the right cryptographic tools for the job—not invent them. Know which primitives to use, which libraries to trust, how to design key hierarchies and rotation, where HSM boundaries belong, and how to structure systems so compliance and operational reality both hold
• Act as the final technical escalation point for novel security questions, adversarial scenarios, and high-stakes architectural trade-offs
• Drive secure-by-design engineering culture: threat modeling as a first-class engineering artifact, not an afterthought
• Define and lead DataStealth's application of AI and ML to security problems—data classification, anomaly and sensitivity detection, analyst augmentation, and agentic automation
• Own the technical strategy for combining classical detection (regex, structured matchers, tokenization) with ML-based classification (transformer classifiers, embedding-based similarity, small distilled models) and LLM-based augmentation where appropriate
• Establish DataStealth's defensive posture around AI-specific risks: prompt injection, training data leakage, model poisoning, and adversarial ML—aligned to NIST AI RMF, OWASP LLM/ML Top 10, and MITRE ATLAS
• Evaluate and prototype emerging patterns (agentic security workflows, RAG over telemetry, privacy-preserving inference) and make clear recommendations on what DataStealth adopts, builds, or rejects
• Set architectural direction for cloud-native deployment across AWS, Azure, and GCP—resilience, observability, cost, multi-region, and regulated-workload patterns
• Define standards for CI/CD, container orchestration (Kubernetes/Docker), observability (Prometheus, Grafana, OpenTelemetry, ELK), and infrastructure-as-code (Terraform, Pulumi)
• Lead architectural decisions on event-driven backbones, data stores across paradigms, and high-throughput processing systems
• Provide technical leadership to the Principal and Distinguished Engineer cohort who report to you—design review, architectural direction, unblocking, and craft development through RFCs, architecture guilds, and direct technical mentorship
• Work as a principal technical lead, not a traditional line manager—the executive team handles performance reviews, compensation, and the bulk of people-management load so you can stay deeply technical
• Drive AI-augmented engineering practices across the team—directing agentic AI coding tools (Claude Code, Copilot, Cursor, open-source agents) as disciplined engineering partners, setting the bar on review, testing, and production quality for AI-generated code
• Help hire, grow, and retain the most senior technical talent; raise the technical bar through mentorship, documentation, and visible engineering excellence
• Work cross-functionally with Product, Security, Customer Success, and executive leadership to translate the hardest customer problems into coherent technical strategy

Benefits

• Great Place to Work certified for five consecutive years
• Direct partnership with the CTO and executive team on multi-year technical strategy
• Real scope, real ownership, real code
• Solve hard problems that matter: your architecture and your code directly protect sensitive data for the world's largest enterprises
• Player-coach architect role: you lead the technical direction and you stay in the code
• Lean, shared-management model that keeps you deeply technical
• Polyglot engineering culture: choose the right tool for the job, not the only tool you know
• AI-forward engineering team that treats AI tools as force multipliers—not crutches