Code Signing & Secure Software Infrastructure...

The MathWorks, Inc.
Natick, United States of America
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 170K

Job location

Natick, United States of America

Tech stack

Microsoft Windows
Apple Mac Systems
C++
Software Debugging
Linux
Digital Signature
Revision Control Systems
Python
Network File Systems
Perforce
Ansible
Zero Trust Network Access
Secure Coding
Software Engineering
Data Logging
Scripting (Bash/Python/Go/Ruby)
Software Security
Mathworks
GIT
Infrastructure Automation Frameworks
SDN Network
Production Code
Puppet

Job description

MathWorks is seeking a Code Signing and Secure Software Infrastructure Engineer to help protect the integrity and authenticity of our software products. In this role, you'll design and build the systems that securely sign, validate, and release software used by engineers around the world.

This position is ideal for an engineer who enjoys working at the intersection of secure software development, automation, and infrastructure, and who is passionate about strengthening the software supply chain. You'll play a critical role in embedding security into our CI/CD pipelines and ensuring our release artifacts meet modern platform trust and security standards.

Responsibilities

  • Design, develop, and operate secure code-signing systems integrated into highly automated CI/CD pipelines.

  • Build and maintain software-driven infrastructure that signs and verifies release artifacts across Windows, Linux, and macOS.

  • Perform threat modeling and security reviews of build, integration, and release systems, and implement engineering-focused mitigations.

  • Manage the full lifecycle of production code-signing certificates, including secure storage, rotation, and auditing.

  • Implement mechanisms that ensure software is authentic, trusted, and tamper-resistant from build through customer delivery.

  • Develop monitoring, logging, and alerting to proactively detect failures, misuse, or attacks.

  • Stay current with OS-level trust models, code-signing requirements, and platform security standards.

  • Partner with software developers and security teams to integrate secure signing into the software development lifecycle.

Requirements

  • A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.

Additional Qualifications

  • Strong software development and debugging experience in C/C++ and scripting languages such as Python.

  • Experience working with source control systems like Git or Perforce.

  • Hands-on experience with automation and configuration management tools (e.g., Ansible, Chef, Puppet).

  • Proven ability to debug systems using tools such as strace, dtrace, or bpftrace.

  • Experience designing and operating secure build or release infrastructure.

  • Solid understanding of code signing, certificates, cryptographic trust chains, and digital signatures.

  • Familiarity with secure software supply chain practices or zero-trust architectures.

  • Experience supporting Linux, Windows, and macOS environments and network file systems (SMB, NFS).

  • Experience with software-defined networking (SDN) or infrastructure-as-code is a plus.

Apply for this position