Security Engineer
Role details
Job location
Tech stack
Job description
Security Engineers: Should have expertise in secure software development and cryptography engineering. This role will be responsible to work with cryptographers to build a high secured and resilient crypto and tokenized assets custody solution.
Requirements
They should be proficient in secure coding practices, especially in C/C++, Go, or Rust, to implement cryptographic code that is resistant to known security attacks (e.g. side-channel attacks). They should also know how to use or audit cryptographic libraries (OpenSSL, or MPC-specific libraries) and be familiar with hardware security features (like Intel SGX and HSMs). They must be comfortable working with MPC or cryptographic frameworks typically used to build crypto custody solution. Strong threat modeling skills are required to anticipate and mitigate potential attack vectors (such as man-in-the-middle during the MPC rounds, malicious client apps, etc.). They will perform code reviews focusing on crypto security and design tests for potential vulnerabilities. Experience with cryptographic protocols (e.g., having implemented or audited a key exchange or signature scheme) and knowledge of common pitfalls (like poor random number generation or improper error handling leaking information) are essential. They should have experience integrating with blockchain nodes/APIs is important since the wallet backend will need to assemble and broadcast transactions on multiple networks. They should understand blockchain transaction formats (Bitcoin UTXOs, Ethereum RLP, etc.) and be able to parse and create transactions for signing. Knowledge of secure storage and databases is also needed - for instance, how to securely store an encrypted key share or audit log on the server side. The solution will orchestrate communication between signing parties, developers should be skilled in networking (sockets, RPC frameworks) and concurrency control. Familiarity with cloud security (to avoid misconfigurations) and containerization can be beneficial for deployment. Experience working with Trusted execution environment like Intel SGX including remote attestation. TALENT PROFILE Should have expertise in secure software development and cryptography engineering. Proficient in secure coding practices, especially in C/C++, Go, or Rust Should know how to use or audit cryptographic libraries (OpenSSL, or MPC-specific libraries) and be familiar with hardware security features (like Intel SGX and HSMs). Must be comfortable working with MPC or cryptographic frameworks typically used to build crypto custody solution. Strong threat modeling skills are required to anticipate and mitigate potential attack vectors (such as man-in-the-middle during the MPC rounds, malicious client apps, etc.). Experience with cryptographic protocols (e.g., having implemented or audited a key exchange or signature scheme) and knowledge of common pitfalls (like poor random number generation or improper error handling leaking information) are essential. Should have experience integrating with blockchain nodes/APIs Understanding of blockchain transaction formats (Bitcoin UTXOs, Ethereum RLP, etc.) and be able to parse and create transactions for signing. Knowledge of secure storage and databases is needed. Familiarity with cloud security (to avoid misconfigurations) and containerization can be beneficial for deployment. Experience working with Trusted execution environment like Intel SGX including remote attestation. Skills required C/C++, Go, or Rust OpenSSL or MPC-specific libraries Intel SGX and HSMs MPC or cryptographic frameworks Blockchain nodes/APIs Bitcoin UTXOs, Ethereum RLP, etc. Secure storage and databases Cloud security and containerization
