Cryptography Staff engineer
Kyiv・Full time・Flexible remote // Designing and building cryptosystems.
The opportunity #
Cossack Labs is looking for a Staff cryptography engineer to join Crypto R&D team and work with us on innovation in cryptography. If you are interested in applied cryptography, modern math and application security, this may be the position for you!
We are a data security solutions company, developing software products (open-source and proprietary), as well as providing custom bespoke solutions to innovative development teams around the world. Our mission is to make strong security methodologies and approaches convenient within modern infrastructures and, as the software is eating the world, help it eat the world responsibly, without leaking customer’s data.
Our software is well-known amongst security-aware teams, recommended by OWASP, and popular for easily solving complicated security challenges. But as we reach a wide audience beyond the security circle, making our products more understandable and accessible for non-security geeks becomes a new challenge.
We work in the B2B space, with such customers as power grid operators, payment processors, legal companies, million-user customer applications. We cater to young ambitious startups and well-established enterprises, who use our software and solutions as core part of their security arsenal. Our customers are smart, but demanding.
Markets: EU, UK, USA.
You will: #
- Participate in the research and development of cryptographic systems in ours and our customers’ products.
- Research of new technologies (read scientific articles, understand their essence, understand how to apply described ideas) in the industry and their adaptation to the applied security and cryptography problems.
- Design, write, test, implement, wrap, debug code that implements certain mathematical and cryptographic constructions for secure distributed computing.
- Provide cryptographic oversight and help the team to write specifications for new functionality. Control how the “collective unconscious” writes code according to the specifications.
- Participate in the code review of someone else’s cryptographic code (it’s fun!).
We would expect you to have: #
- Strong knowledge of one or several programming languages: C, Go, Rust, or Scala.
- Good knowledge of applied cryptography, and / or formal education in this area and knowledge of math “under the hood”.
- An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls and cryptographic structures, where cryptography needs to be supported by other security controls, what zero trust architecture is, and why AES-CBC is a questionable choice.
- General understanding of modern applied cryptography: HPKE, key wrapping, CT on Merkle trees, the problem of searching in encrypted data.
- Good understanding of math and computer science – you will need to work with modern math, and modern algorigthms often, and your colleagues will use academia language with you.
As a plus you’d have #
- Experience in auditing and / or design of cryptosystems: our R&D team participates both in the development of our own designs and helps clients to improve their developments.
- An understanding how modern blockchains work with transaction privacy, what primitives are used, multi-signature protocols, consensus.
- The general understanding of zero knowledge proof protocols (interactive & non-interactive). We work with ZKP a lot, so it will be important to have a general understanding or willinness to learn.
Please note that you can be a perfect fit even if not everything we’ve outlined above applies to you. If you have any questions, please don’t hesitate to ask – everyone is unique.
We offer: #
Unique area of expertise: #
- Difficult and interesting work at the forefront of cryptography: zero knowledge proofs, private information retrieval, smpc and other fascinating problems in the applied field. We work with a full cycle of modern cryptographic problems: from scientific papers and mathematics, test implementation and PoC, to production-ready implementation of cryptographic controls in software.
- Public track record in the Open Source part of the products and the opportunity to participate in research projects with companies that are moving different parts of applied cryptography in finance, distributed computing and privacy-enabling technologies forward.
- Work at the intersection of technologies: cryptography, software engineering, information security. You won’t be bored :)
- A sense of meaning and responsibility for those who have been tamed - your code will work for many years in large and small systems, from data protection in power plant management to advanced cryptocurrencies.
- Friendly and experienced team: smart people to learn from, great people to build with. Each of us is unique, we value and support each other.
- An atmosphere that motivates you to grow and get smarter every month, a healthy ratio of routine / experimentation.
- Trust: schedule, reporting, bureaucracy is kept at reasonable minimum. We hire smart people and trust them to do the right thing. When things go wrong, we help rather than punish.
- Shared decision making: this business is driven by engineering excellence, so engineers are important part of tactical and strategical business decisions.
- Friendly to humans: not just a formal vacation and sick leave quota. Feel like your mental or physical wellbeing needs care? Take some time off. Feel like working a few days from home? Sure. As long as you’re in line, we are here to support you when you’re not.
- Team that facilitates internal learning and growth all the time.
- Interesting technologies to work with — sometimes, even unique ones (we design applied cryptography schemes and techniques and novel ways to use them).
- Ability to grow into one of the fastest growing industry sectors (computer security) with a team of experienced professionals.
- Management attention to help you improve upon your personal goals (through regular 1:1s and mentoring).
- Competitive compensation with flexible bonus scheme.
- Sick leaves, 21 vacation days a year, extra days off — according to agreements and laws.
- Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops and blog posts.
Not sure but considering? Talk to us. #
If you see yourself fit but a few things are off — don’t hesitate to talk anyway. It might be that your unique combination of skills and knowledge would be perfectly fitting for our environment, but we both just don’t know it yet.
How to apply?
We'd like to get your CV to start a conversation. A supporting letter explaining your story, your interest in cryptography, what you have done in the past and what kind of work you find interesting would help, but is not necessary.