Design, build, and operate components of the Host Assurance platform that establish trust in bare-metal hosts before they are eligible for production use.
Help ensure hosts are verifiably trustworthy from delivery and installation through secure bootstrap and readiness to join orchestration systems.
Build and improve systems such as machine identity, certificate issuance and enrollment, HSM-backed or key-management-backed trust services, host attestation, measurement, and baseline verification tooling.
Validate delivered hardware and firmware against vendor claims and continuously detect and manage drift over time.
Eliminate insecure bootstrap patterns while preserving deployment throughput and operational reliability. Partner with provisioning, fleet, and orchestration teams to deliver paved paths where the secure approach is the easiest approach.
Contribute code, reviews, operational improvements, and design guidance for foundational trust services that must be dependable at scale.
Help define observable, testable security properties for host platforms and improve the telemetry and validation needed to enforce them in practice.
Participate in incident response, debugging, and post-incident improvements for security-critical infrastructure.
Work across different deployment models and provider boundaries while maintaining a consistent bar for host trust outcomes.

Requirements

Have strong software engineering experience building and operating reliable production systems at scale.
Have deep expertise in at least one relevant domain such as PKI, HSMs, machine identity, applied cryptography, secure boot, firmware or hardware security, host attestation, or low-level platform security.
Are comfortable working across systems boundaries, from services and APIs down to host, boot, firmware, or hardware-adjacent trust mechanisms.
Can write production quality code and reason clearly about failure modes, operational safety, and long-term maintainability.
Have experience replacing fragile or manual security mechanisms with durable, paved-path infrastructure.
Balance rigor with pragmatism, and care about making strong security controls deployable in real-world environments.
Are self-directed, low ego, and willing to work across disciplines to solve the most important problems.
Enjoy building in ambiguous spaces where the architecture is still emerging, stakes are at all time high, and the future is being built.

Benefits

Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
401(k) retirement plan with employer match
Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
Mental health and wellness support
Employer-paid basic life and disability coverage
Annual learning and development stipend to fuel your professional growth
Daily meals in our offices, and meal delivery credits as eligible
Relocation support for eligible employees
Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

software engineeringproduction systemsPKIHSMmachine identityapplied cryptographysecure bootfirmware securityhost attestationlow-level platform security

Soft Skills

self-directedlow egocross-disciplinary collaborationproblem-solvingoperational safetylong-term maintainabilitypragmatismambiguity management