Analysis Skills, Brokerage, Computer Architecture, Consulting, Cryptography, Disaster Recovery, Finance, Hypervisors, Intel Product Family, Mathematics, Memory Hardware, Operating Systems, Private Cloud, Problem Solving Skills, RFC, Regulatory Compliance, Security Design, Software Engineering, System Operations, Systems/Internals Programming
Job Description:
- Client is engineering a next-generation Digital Asset Platform designed to solve the "Approval-to-Execution Gap" in institutional finance: ensuring that digital asset transactions are signed only when strictly authorized by policy, without exposing private keys to cloud operators or insiders.
- Client is moving beyond standard hot wallets to build an institutional-grade Confidential Custody Infrastructure.
- Client’s platform combines Multi-Party Computation (MPC) with hardware-enforced Confidential Computing (TEEs) to create a "glass vault"—a system where key operations are cryptographically isolated, attestable, and mathematically proven secure.
Responsibilities:
- MPC Protocol Implementation: Architect and implement high-performance threshold signature schemes (specifically DKLS23 or similar) for ECDSA key generation and signing.
- Confidential Computing Architecture: Design and build services that run inside Trusted Execution Environments (TEEs), specifically targeting AMD SEV-SNP and Intel TDX via Confidential Containers (CoCo).
- Attestation Framework: Implement the RATS (Remote Attestation Procedures) architecture (RFC 9334) to ensure that no key share is released until the requesting node proves its hardware and software integrity to a Key Broker Service.
- Hardware Security Integration: Design "Cold Ceremony" workflows that integrate offline hardware tokens as offline Key Encryption Keys (KEKs) for disaster recovery and deep storage.
- Secure Enclave Development: Write and optimize memory-safe code (Rust/Go) that operates on key material exclusively within encrypted memory regions, ensuring zero leakage to the host OS or hypervisor.
- Policy-to-Cryptography Binding: Design mechanisms to cryptographically bind business logic approvals (e.g., WebAuthn assertions) directly to the MPC signing session, eliminating the gap between "approval" and "execution".
Qualifications
Required (Must-Haves):
Systems Programming:
- 7 plus years of experience in systems-level engineering, with expert proficiency in Go (for orchestration) and Rust (for cryptographic primitives).
Applied Cryptography:
- Deep experience implementing Threshold Cryptography and Multi-Party Computation (MPC).
- Candidate should be comfortable implementing papers like GG20 from scratch.
Confidential Computing:
- Hands-on experience with TEE technologies, specifically Confidential Containers (CoCo), AMD SEV-SNP, or Intel SGX/TDX.
- Candidate must understand attestation flows, measurements, and memory encryption.
Attestation Standards:
- Familiarity with the RATS architecture and components like Key Broker Services (KBS) and Attestation Services (AS).
Secure Architecture:
- Experience designing "Defense-in-Depth" systems where infrastructure (Kubernetes/Cloud) is treated as untrusted.
Preferred (Nice-to-Haves):
- Experience with OIDC/Identity standards (integrating WebAuthn/FIDO2 with cryptographic operations).
- Familiarity with CNCF Trustee or similar attestation frameworks.
- Experience in institutional custody, key management, or high-security fintech environments.
In this contingent resource assignment, candidates may:
- Consult on or participate in moderately complex initiatives and deliverables within Specialty Software Engineering and contribute to large-scale planning related to Specialty Software Engineering deliverables.
- Review and analyze moderately complex Specialty Software Engineering challenges that require an in-depth evaluation of variable factors.
- Contribute to the resolution of moderately complex issues and consult with others to meet Specialty Software Engineering deliverables while leveraging solid understanding of the function, policies, procedures, and compliance requirements.
- Collaborate with client personnel in Specialty Software Engineering.
Required Qualifications:
- 4 plus years of Specialty Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
Pay Range: $60/hr-$70/hr on W2
The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision and 401K contributions as well as any other PTO, sick leave, and other benefits mandated by applicable state or localities where you reside or work.
Pinnacle Technical Resources