Senior PKI Engineer - Certificate Authority Backend Owner

Truepic, Inc.
Full time node.js jakarta-ee postgresql ansible ejbca
125,000 - 175,000 USD / year
Software Development
United States
Hiring from: United States

About this job

Compensation: $125k - 175k | Equity
Location options: Remote
Job type: Full-time
Experience level: Senior
Role: Backend Developer, DevOps


node.js, jakarta-ee, postgresql, ansible, ejbca

Job description

Why we are hiring

Truepic develops the world's most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos & videos. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030. We are are embarking on a game-changing endeavor to bring our award-winning Controlled Capture secure camera technology (named one of TIME Magazine’s Best Inventions of 2020) to any camera-enabled app. As a Senior PKI Engineer in our R&D division, you will architect, implement, and own the high-performance, high-integrity PKI service that anchors the trust in the Truepic brand. Your work will help cement Truepic’s position on the bleeding edge of the battle against visual deception, including defending against AI-synthesized deepfakes. Authenticatable photos and videos whose integrity is anchored in the trusted root that you will manage will aid critical decision making by customers at Tier 1 internet platforms, financial service companies, international NGOs, and governments. 

Core Responsibilities: 

  • Architect and implement a secure, high-performance, scalable PKI for the Truepic Certificate Authority, including offline root and proxied subordinate CAs that will issue cryptographic credentials for device authentication and file signing

  • Architect and implement secure storage and accessibility for CA private keys using hardware security modules (HSMs)

  • Architect and implement supplementary CA services including OCSP responders and publishing of CRLs

  • Architect and implement an authentication front-end to the CA, which implements the secure, scalable protocol for authentication designed in collaboration with mobile device engineering. The authentication service will leverage mobile device attestation services from Apple, Google, Qualcomm, and others

  • Architect and implement a trusted time-stamping service capable of very high transaction rates with full traceability

  • Implement accounting service that tracks issuing of authentication credentials, file signing credentials, and time-stamping transactions for billing purposes

  • Work with the product engineering team to lay the groundwork for integrating CA service as part of the wider Truepic infrastructure, including the issuing and verification of customer API keys.

  • Be accountable to the Truepic product engineering team for CA, authentication, and billing services uptime and stability

  • Contribute to the creation of an open standard for authenticatable media files alongside industry heavyweights such as Adobe, Twitter, Microsoft, and more. 

  • Collaborate with the broader Truepic R&D team on a unified architectural approach to Controlled Capture technology

You will succeed in this role if you:

  • Have deep, proven experience developing secure, enterprise-grade applications in some or all of the following languages and frameworks:

    • Java EE

    • Go

    • Node.js

    • Amazon RDS for PostgreSQL

    • Ansible

    • Terraform

  • Have deep, proven experience with CI/CD methodology and frameworks such CircleCI

  • Have deep, proven expertise with Public Key Infrastructure (PKI) concepts, including internet standards for cryptographic algorithms, hashing schemes, digital signature schemes, trusted time-stamping, and cryptographic certificates. 

  • Have experience with leveraging mobile device attestation technologies for iOS and Android devices

  • Have experience with building systems that integrate hardware security modules (HSMs), including Amazon CloudHSM

  • Have experience with PrimeKey EJBCA platform for CA, RA, and VA services

  • Have experience with PrimeKey SignServer platform for time-stamping services

  • Have experience designing and implementing secure communication protocols between mobile devices and backend services

  • Have experience designing and implementing proactive defenses against common threat vectors for public-cloud high-security applications

  • Have superb communication skills and the ability to make compelling data-driven arguments for your architectural and implementation recommendations

  • Have a proven ability to be self-driven in applying a methodical approach to exploring novel solutions to unexplored problem spaces

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Huddle HQ
Full time
View job 65,000 - 140,000 USD / year
About this job Compensation: $65k - 140k | EquityLocation options: RemoteJob type: Full-timeExperience level: Senior, LeadRole: Backend Developer, Graphics/Game DeveloperIndustry: Collaboration Tools, SaaSCompany size: 1–10 peopleCompany type: VC FundedTechnologies reactjs, node.js, webgl, typescript, opengl Job description Mission Build Teamflow's backend...
reactjs node.js webgl typescript opengl
Software Development
No Location
Hiring from: U.S. / Canada, North America, South America, Southern Africa
Unanet, Inc.
Full time
View job 110,000 - 130,000 USD / year
About this job Compensation: $110k - 130k | EquityLocation options: RemoteJob type: Full-timeExperience level: Mid-Level, SeniorRole: Data ScientistIndustry: Accounting Software, Computer Software, Enterprise SoftwareCompany size: 201–500 peopleCompany type: PrivateTechnologies data-visualization, business-intelligence, analytics, data-modeling, sql Job description Analytics will be the...
data-visualization business-intelligence analytics data-modeling sql
Software Development
No Location
Hiring from: U.S. / Canada, North America
View job 30,000 - 45,000 EUR / year
About this job Compensation: €30k - 45kLocation options: RemoteJob type: Full-timeExperience level: Senior, LeadRole: Backend Developer, Full Stack DeveloperTechnologies java, api, grafana, unirest, apache-kafka Job description String c = "Candidate" String g = "Globe" c: Who are you? g: Globe...
java api grafana unirest apache-kafka
Software Development
Hiring from: Spain