Truepic develops the world's most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos &videos. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030.
We are are embarking on a game-changing endeavor to bring our award-winning Controlled Capture secure camera technology (named one of TIME Magazine’s Best Inventions of 2020) to any camera-enabled app. As an Android SDK Engineer in our R&D division, you will architect, develop, and own the core orchestration logic for our software-based Controlled Capture SDK. Your code will provide the trusted foundation needed to produce high integrity photos and videos worthy of the Truepic brand.
Your work will help cement Truepic’s position on the bleeding edge of the battle against visual deception, including defending against AI-synthesized deepfakes. Authenticatable photos and videos produced by apps that integrate your code will aid critical decision making by customers at Tier 1 internet platforms, financial service companies, international NGOs, and governments.
Core Responsibilities:
- Design and write secure, modular, high-performance orchestration libraries for Android that perform the following functions:
- Verify device integrity
- Handle device authentication and attestation with the Truepic Certificate Authority backend
- Secure and initiate the capture process for camera and other sensors
- Perform cryptographic operations including generating cryptographic keys, generating certificate signing requests, hashing to generate multihash- and multibase- formatted digests, and generating digital signatures
- Manage long-term and short-term secrets storage, including authentication credentials and digital signature keys
- Provide the primary abstracted interface to upper-layer containing apps
- Function consistently on a broad spectrum of device models, underlying hardware capabilities, and operating system versions
- Work closely with Android sensor R&D engineers to integrate their sensor data acquisition and file writing modules with the above mentioned orchestration libraries, into a coherent, high performance secure camera SDK with minimal storage and memory footprint.
- Work closely with the Truepic Certificate Authority team, the hardware security team, and the product engineering team on designing a secure, scalable protocol for mobile device authentication and attestation.
- Be accountable to the Truepic product engineering team for secure camera SDK stability, footprint, and performance
- Contribute to the creation of an open standard for authenticatable media files alongside industry heavyweights such as Adobe, Twitter, Microsoft, and more.
- Collaborate with the broader Truepic R&D team on a unified architectural approach to Controlled Capture technology
Minimum quallifications
- Have experience developing Android apps or libraries for high security applications
- Have expertise with C, C++, and either Java or Kotlin
- Have experience implementing proactive defenses against device compromise, rooting, jailbreaking, peripheral spoofing, buffer manipulation, authentication abuse, authentication bypass, state manipulation, code injection, and MITM attacks.
- Have experience with code obfuscation and passing penetration testing
- Have experience designing and implementing secure communication protocols to interface with backend servers
- Have superb communication skills and the ability to make compelling data-driven arguments for your architectural and implementation recommendations
Preferred qualifications
- Have prior experience building SDKs or reusable libraries for Android, using AAR bundles and Maven
- Have knowledge of Public Key Infrastructure (PKI) concepts, including internet standards for cryptographic algorithms, hashing schemes, digital signature schemes, trusted time-stamping, and cryptographic certificates.
- Have experience with leveraging mobile device attestation technologies on Android
- Have experience with leveraging platform security tools such as Android StrongBox KeyStore for generating, storing, and managing authentication and signature secrets