Principal Mobile Platform Security Engineer - SDK Owner - remote
Why we are hiring
Truepic develops the world's most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos & videos. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030. We are embarking on a game-changing endeavor to bring our award-winning Controlled Capture secure camera technology (named one of TIME Magazine’s Best Inventions of 2020) to any camera-enabled app.
As a Principal R&D Software Engineer in our R&D division, you will architect, develop, and own the core orchestration logic for our software-based Controlled Capture library on both iOS and Android. Your code for both mobile platforms will provide the trusted foundation needed to produce high integrity photos and videos worthy of the Truepic brand. Your work will help cement Truepic’s position on the bleeding edge of the battle against visual deception, including defending against AI-synthesized deepfakes. Authenticatable photos and videos produced by apps that integrate your code will aid critical decision making by customers at Tier 1 internet platforms, financial service companies, international NGOs, and governments.
Core Responsibilities:
- Architect and implement secure, high-performance orchestration libraries for both iOS and Android that perform the following functions:
  - Verify device integrity
  - Handle device authentication and attestation with the Truepic Certificate Authority backend
  - Secure and initiate the capture process for camera and other sensors
  - Perform cryptographic operations including generating cryptographic keys, generating certificate signing requests, hashing to generate multihash- and multibase-formatted digests, and generating digital signatures
  - Manage long-term and short-term secrets storage, including authentication credentials and digital signature keys
  - Provide the primary abstracted interface to upper-layer containing apps
  - Function consistently on a broad spectrum of device models, underlying hardware capabilities, and operating system versions
- Work closely with iOS and Android R&D engineers to integrate their sensor data acquisition and file writing modules with the above-mentioned orchestration libraries into a coherent, secure, high performance, cross-platform Controlled Capture library with minimal storage and memory footprint.
- Work closely with the Truepic Certificate Authority team, the hardware security team, and the product engineering team on designing a secure, scalable protocol for mobile device authentication and attestation.
- Work with the product engineering team to lay the groundwork for an elegant, consistent API for the cross-platform Controlled Capture library for both iOS and Android, enabling seamless integration of Truepic’s secure camera technology into any mobile app.
- Be accountable to the Truepic product engineering team for Controlled Capture library stability, footprint, and performance
- Contribute to the creation of an open standard for authenticatable media files alongside industry heavyweights such as Adobe, Twitter, Microsoft, and more.
- Collaborate with the broader Truepic R&D team on a unified architectural approach to Controlled Capture technology
You will succeed in this role if you:
- Have deep, proven experience developing iOS and Android software for high security applications
- Have deep, proven expertise with C, C++, Swift, Objective-C, Java, and Kotlin
- Have deep, proven expertise with Public Key Infrastructure (PKI) concepts, including internet standards for cryptographic algorithms, hashing schemes, digital signature schemes, trusted time-stamping, and cryptographic certificates.
- Have experience with leveraging mobile device attestation technologies on iOS and Android
- Have experience with leveraging platform security tools such as Secure Enclave on iOS and StrongBox KeyStore on Android for generating, storing, and managing authentication and signature secrets
- Have experience implementing proactive defenses against device compromise, rooting, jailbreaking, peripheral spoofing, buffer manipulation, authentication abuse, authentication bypass, state manipulation, code injection, and MITM attacks.
- Have experience designing and implementing secure communication protocols to interface with backend servers
- Ideally, have experience with creating reusable software libraries using CocoaPods and/or Swift Package Manager for iOS, and AAR bundles and Maven for Android
- Have superb communication skills and the ability to make compelling data-driven arguments for your architectural and implementation recommendations
- Have a proven ability to be self-driven in applying a methodical approach to exploring novel solutions to unexplored problem spaces