Truepic · Apr 7th 2021
Truepic develops the world's most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos & videos. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030.
We are embarking on a game-changing endeavor to bring our award-winning Controlled Capture secure camera technology (named one of TIME Magazine’s Best Inventions of 2020) to any camera-enabled app. As an iOS SDK Engineer in our R&D division, you will architect, develop, and own the core orchestration logic for our software-based Controlled Capture SDK. Your code will provide the trusted foundation needed to produce high integrity photos and videos worthy of the Truepic brand.
Your work will help cement Truepic’s position on the bleeding edge of the battle against visual deception, including defending against AI-synthesized deepfakes. Authenticatable photos and videos produced by apps that integrate your code will aid critical decision-making by customers at Tier 1 internet platforms, financial service companies, international NGOs, and governments.
Core Responsibilities:
Verify device integrity
Handle device authentication and attestation with the Truepic Certificate Authority backend
Secure and initiate the capture process for camera and other sensors
Perform cryptographic operations including generating cryptographic keys, generating certificate signing requests, hashing to generate multihash- and multibase-formatted digests, and generating digital signatures
Manage long-term and short-term secrets storage, including authentication credentials and digital signature keys
Provide the primary abstracted interface to upper-layer containing apps
Function consistently on a broad spectrum of device models, underlying hardware capabilities, and operating system versions
Work closely with iOS sensor R&D engineers to integrate their sensor data acquisition and file writing modules with the above-mentioned orchestration libraries, into a coherent, high-performance secure camera SDK with minimal storage and memory footprint.
Work closely with the Truepic Certificate Authority team, the hardware security team, and the product engineering team on designing a secure, scalable protocol for mobile device authentication and attestation.
Be accountable to the Truepic product engineering team for secure camera SDK stability, footprint, and performance
Contribute to the creation of an open standard for authenticatable media files alongside industry heavyweights such as Adobe, Twitter, Microsoft, and more.
Collaborate with the broader Truepic R&D team on a unified architectural approach to Controlled Capture technology
Must-have experience:
Have experience developing iOS apps or libraries for high-security applications
Have expertise with C, C++, and either Swift or Objective-C
Have experience implementing proactive defenses against device compromise, rooting, jailbreaking, peripheral spoofing, buffer manipulation, authentication abuse, authentication bypass, state manipulation, code injection, and MITM attacks.
Have experience with code obfuscation and passing penetration testing
Have experience designing and implementing secure communication protocols to interface with backend servers
Have superb communication skills and the ability to make compelling data-driven arguments for your architectural and implementation recommendations
Nice-to-have experience:
Have prior experience building SDKs or reusable libraries for iOS, using CocoaPods and/or Swift Package Manager
Have knowledge of Public Key Infrastructure (PKI) concepts, including internet standards for cryptographic algorithms, hashing schemes, digital signature schemes, trusted time-stamping, and cryptographic certificates.
Have experience with leveraging mobile device attestation technologies on iOS
Have experience with leveraging platform security tools such as Secure Enclave on iOS for generating, storing, and managing authentication and signature secrets