Senior Distributed Systems & Cryptography Engineer (contract)
Wells Fargo · Concord, CA · 1 mo ago
Information Technology$70–$75/hrContract
Key Responsibilities
- MPC Protocol Implementation: Architect and implement high-performance threshold signature schemes (specifically DKLS23 or similar) for ECDSA key generation and signing.
- Confidential Computing Architecture: Design and build services that run inside Trusted Execution Environments (TEEs), specifically targeting AMD SEV-SNP and Intel TDX via Confidential Containers (CoCo).
- Attestation Framework: Implement the RATS (Remote ATtestation procedureS) architecture (RFC 9334) to ensure that no key share is released until the requesting node proves its hardware and software integrity to a Key Broker Service.
- Hardware Security Integration: Design "Cold Ceremony" workflows that integrate offline hardware tokens as offline Key Encryption Keys (KEKs) for disaster recovery and deep storage.
- Secure Enclave Development: Write and optimize memory-safe code (Rust/Go) that operates on key material exclusively within encrypted memory regions, ensuring zero leakage to the host OS or hypervisor.
- Policy-to-Cryptography Binding: Design mechanisms to cryptographically bind business logic approvals (e.g., WebAuthn assertions) directly to the MPC signing session, eliminating the gap between "approval" and "execution".
Qualifications
- Strong experience in systems-level engineering within distributed environments
- Proven track record building or operating distributed systems at scale
- Expert-level proficiency in: Go (orchestration, services), Rust (cryptographic and memory-safe components)
- Experience working in high-bar engineering environments
- Strong core engineering fundamentals (data structures, concurrency, systems design)
- Experience collaborating across engineering teams and influencing technical direction
- Applied Cryptography
- Deep experience with threshold cryptography, MPC, or related protocols
- Ability to implement cryptographic research papers (e.g., GG20) from scratch
- Confidential Computing
- Hands-on experience with: AMD SEV-SNP, Intel SGX/TDX, Confidential Containers (CoCo)
- Strong understanding of attestation flows, measurements, and memory encryption
- Familiarity with RATS architecture, Key Broker Services (KBS), and Attestation Services
- Experience integrating OIDC, WebAuthn, or FIDO2
- Security Architecture
- Proven experience designing zero-trust / untrusted infrastructure systems
- Domain Expertise
- Experience in digital assets, crypto infrastructure, custody platforms, or high-security fintech environments (preferred over traditional banking)
- Exposure to CNCF Trustee or similar attestation frameworks