Senior PKI Engineer - Certificate Authority Backend Owner at Truepic, Inc. (San Diego, CA) (allows remote)

Location: San Diego, CA
Type: Full Time
Created: 2021-01-23 05:01:02

Why we are hiring

Truepic develops the world's most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos & videos. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030. We are embarking on a game-changing endeavor to bring our award-winning Controlled Capture secure camera technology (named one of TIME Magazine’s Best Inventions of 2020) to any camera-enabled app. As a Senior PKI Engineer in our R&D division, you will architect, implement, and own the high-performance, high-integrity PKI service that anchors the trust in the Truepic brand. Your work will help cement Truepic’s position on the bleeding edge of the battle against visual deception, including defending against AI-synthesized deepfakes. Authenticatable photos and videos whose integrity is anchored in the trusted root that you will manage will aid critical decision making by customers at Tier 1 internet platforms, financial service companies, international NGOs, and governments.

Core Responsibilities: 

  • Architect and implement a secure, high-performance, scalable PKI for the Truepic Certificate Authority, including offline root and proxied subordinate CAs that will issue cryptographic credentials for device authentication and file signing
  • Architect and implement secure storage and accessibility for CA private keys using hardware security modules (HSMs)
  • Architect and implement supplementary CA services including OCSP responders and publishing of CRLs
  • Architect and implement an authentication front-end to the CA, which implements the secure, scalable protocol for authentication designed in collaboration with mobile device engineering. The authentication service will leverage mobile device attestation services from Apple, Google, Qualcomm, and others
  • Architect and implement a trusted time-stamping service capable of very high transaction rates with full traceability
  • Implement an accounting service that tracks issuing of authentication credentials, file signing credentials, and time-stamping transactions for billing purposes
  • Work with the product engineering team to lay the groundwork for integrating the CA service as part of the wider Truepic infrastructure, including the issuing and verification of customer API keys.
  • Be accountable to the Truepic product engineering team for CA, authentication, and billing services uptime and stability
  • Contribute to the creation of an open standard for authenticatable media files alongside industry heavyweights such as Adobe, Twitter, Microsoft, and more. 
  • Collaborate with the broader Truepic R&D team on a unified architectural approach to Controlled Capture technology

You will succeed in this role if you:

  • Have deep, proven experience developing secure, enterprise-grade applications in some or all of the following languages and frameworks:
    • Java EE
    • Go
    • Node.js
    • Amazon RDS for PostgreSQL
    • Ansible
    • Terraform
  • Have deep, proven experience with CI/CD methodology and frameworks such as CircleCI
  • Have deep, proven expertise with Public Key Infrastructure (PKI) concepts, including internet standards for cryptographic algorithms, hashing schemes, digital signature schemes, trusted time-stamping, and cryptographic certificates. 
  • Have experience with leveraging mobile device attestation technologies for iOS and Android devices
  • Have experience with building systems that integrate hardware security modules (HSMs), including Amazon CloudHSM
  • Have experience with the PrimeKey EJBCA platform for CA, RA, and VA services
  • Have experience with the PrimeKey SignServer platform for time-stamping services
  • Have experience designing and implementing secure communication protocols between mobile devices and backend services
  • Have experience designing and implementing proactive defenses against common threat vectors for public-cloud high-security applications
  • Have superb communication skills and the ability to make compelling data-driven arguments for your architectural and implementation recommendations
  • Have a proven ability to be self-driven in applying a methodical approach to exploring novel solutions to unexplored problem spaces