Cryptographer/Security auditor
Our work is used by numerous high value users all around the world. High value assets require high value security; a cryptographer would be one who can trivially explain public key cryptography schemes, post-quantum cryptography, find vulnerabilities in common protocols and be able to adapt cryptography for new and intricate scenarios.
Minimum qualifications
- Experience with modern infrastructure technologies
- Command and software development experience in any of Go, Rust, C++, Java or Python.
- Experience with modern SDLC practices (CI, testing frameworks, code coverage)
- Experience with modern cryptography protocols and algorithms (such as TLS 1.3, WireGuard, Ed25519 signatures, BLAKE2 hashing)
- Familiarity with cryptography related cloud services (such as KMS and cloud HSMs)
- Experience in reviewing code for security defects (bugs or design errors)
- Ability to write patches and associated tests
Extras
- Proven record of reporting vulnerabilities to third party projects.
- Participation in a Capture The Flag (CTF) competitions and bug bounties.
About the job
This role will involve examining all our backend infrastructure, auditing and examining policy decisions that Orijtech Inc makes for all our products. You shall also audit critical code, write reports and coordinate with our engineering teams, security incident response (IR) teams as well as customers. Out of the box thinking will be common so hopefully you are very versatile, and that you can learn fast.
You should for example be able to explain why Ed22519 is perceived as safer than ECDSA; to give examples of timing attacks, and to automatically detect vulnerable dependencies in Go or Rust projects.