About the Role
You will join a small, high-ownership team building KMS, the key-management and signing service behind ZeroDev's embedded wallets. You'll own backend services and the cryptographic recovery and trust-model machinery around them, helping grow the platform from interactive consumer wallets toward programmatic and automated signing and programmable transaction policy. You'll work on security-critical, externally audited infrastructure with a high review bar, writing Go services, working with trusted execution environments, integrating authentication and signing providers, and operating production systems on Kubernetes.
Requirements
- Strong backend engineering experience shipping and operating production services in Go or an adjacent systems language
- Security-first mindset with ability to reason about threat models, blast radius, and key custody
- Comfortable with applied-cryptography fundamentals such as public-key crypto, signatures, and key management
- Solid understanding of distributed systems and API design including idempotency and failure modes
- Operational maturity with Kubernetes, observability, and incident response
- Clear written communication skills for design docs and decision records
- TEE experience such as AWS Nitro Enclaves, Intel SGX/TDX, or similar is a plus
- Threshold cryptography or MPC experience such as DKG, FROST, or verifiable secret sharing is a plus
- Account abstraction experience such as ERC-4337, EIP-7702, or smart-account wallets is a plus
- Experience with custody or signing providers such as Turnkey or Fireblocks is a plus
- HSM, YubiKey, PIV, or secure-element integration experience is a plus
- Experience with third-party security audits and remediation is a plus
- Experience with WebAuthn, passkeys, OAuth/OIDC, and the Go crypto ecosystem is a plus
Responsibilities
- Build Go backend services that broker wallet creation, authentication, and signing at scale
- Implement key recovery and the committee trust model using distributed key generation and secret sharing
- Operate trusted execution environments, reconstructing and operating on key material under hardware isolation and remote attestation
- Integrate authentication and signing-provider flows including passkeys, WebAuthn, OAuth, OTP, sessions, and 2FA
- Write design docs and decision records and work directly with external security auditors
- Operate production services on Kubernetes including observability, alerting, secrets and certificate management, and on-call
- Implement compliance controls such as sanctions screening and PII-safe handling
Benefits
- Remote-first global workforce + NY office
- Annual company offsite + team onsites
- Professional reimbursement program
- Medical, dental & vision coverage
- 401k retirement plan + company match
- Wellness stipend
- Home office set up / ergonomic equipment program