Technology and Data - Specialty Software Engineer 3 - Contingent

Mindlance

CONCORD, CA

JOB DETAILS

Salary: $70–$75 Per Hour
Skills: Brokerage, Computer Architecture, Cryptography, Disaster Recovery, Finance, Hypervisors, Mathematics, Memory Hardware, Operating Systems, Private Cloud, RFC, Security Design, Software Engineering, System Operations, Systems/Internals Programming
Location: CONCORD, CA
Posted: 5 days ago

We are engineering a next-generation Digital Asset Platform designed to solve the "Approval-to-Execution Gap" in institutional finance: ensuring that digital asset transactions are signed only when strictly authorized by policy, without exposing private keys to cloud operators or insiders.

We are moving beyond standard hot wallets to build an institutional-grade Confidential Custody Infrastructure. Our platform combines Multi-Party Computation (MPC) with hardware-enforced Confidential Computing (TEEs) to create a "glass vault": a system where key operations are cryptographically isolated, attestable, and mathematically proven secure.

MPC Protocol Implementation: Architect and implement high-performance threshold signature schemes (specifically DKLS23 or similar) for ECDSA key generation and signing.
Confidential Computing Architecture: Design and build services that run inside Trusted Execution Environments (TEEs), specifically targeting AMD SEV-SNP and Client TDX via Confidential Containers (CoCo).
Attestation Framework: Implement the RATS (Remote ATtestation procedureS) architecture (RFC 9334) to ensure that no key share is released until the requesting node proves its hardware and software integrity to a Key Broker Service.
Hardware Security Integration: Design "Cold Ceremony" workflows that integrate offline hardware tokens as offline Key Encryption Keys (KEKs) for disaster recovery and deep storage.
Secure Enclave Development: Write and optimize memory-safe code (Rust/Go) that operates on key material exclusively within encrypted memory regions, ensuring zero leakage to the host OS or hypervisor.
Policy-to-Cryptography Binding: Design mechanisms to cryptographically bind business logic approvals (e.g., WebAuthn assertions) directly to the MPC signing session, eliminating the gap between "approval" and "execution".
Qualifications

Required (Must-Haves):

Systems Programming: 7+ years of experience in systems-level engineering, with expert proficiency in Go (for orchestration) and Rust (for cryptographic primitives).
Applied Cryptography: Deep experience implementing Threshold Cryptography and Multi-Party Computation (MPC). You should be comfortable implementing papers like GG20 from scratch.
Confidential Computing: Hands-on experience with TEE technologies, specifically Confidential Containers (CoCo), AMD SEV-SNP, or Client SGX/TDX. You must understand attestation flows, measurements, and memory encryption.
Attestation Standards: Familiarity with the RATS architecture and components like Key Broker Services (KBS) and Attestation Services (AS).
Secure Architecture: Experience designing "Defense-in-Depth" systems where infrastructure (Kubernetes/Cloud) is treated as untrusted.
Preferred (Nice-to-Haves):

Experience with OIDC/Identity standards (integrating WebAuthn/FIDO2 with cryptographic operations).
Familiarity with CNCF Trustee or similar attestation frameworks.
Experience in institutional custody, key management, or high-security fintech environments.

EEO:

Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.