Senior Secure Mobile Engineer (Flutter)

Who:
We are looking for a Senior Secure Mobile Engineer with deep Flutter expertise and a strong background in applied cryptography and mobile security.

What:
You will build and secure the mobile client in a zero-knowledge architecture, where all encryption, key generation, and sensitive data handling happen entirely on the device.

When:
Immediate start.

Where:
Remote (time zone overlap preferred).

Why:
In a zero-knowledge system, the client is the gatekeeper — if the app is compromised, server security is irrelevant. This role is critical to the security, privacy, and trustworthiness of the entire platform.

Office Environment:
Small, senior-level engineering team focused on privacy, security, and high-impact architectural decisions.

Salary:
Competitive, based on experience and security expertise.

Position Overview:

This role owns the security of the mobile client. You will design and implement encryption workflows, secure storage, memory hygiene, and network protections while ensuring high performance and reliability. You’ll work on advanced cryptographic protocols, offline-first secure data handling, and privacy-preserving AI features — all running fully on device.

Core Technology Stack:

• Languages: Dart (expert), Swift / Kotlin (intermediate, for platform channels)
• Framework: Flutter (deep understanding of rendering engine, Isolates for heavy cryptographic workloads)
• State Management: Riverpod or BLoC (handling ephemeral state wiped on app close)

Key Responsibilities:

• Implement and maintain end-to-end encryption and key management on the client
• Design secure local data storage and lifecycle management
• Build Flutter platform channels for cryptographic and security-sensitive native operations
• Ensure memory hygiene by explicitly clearing sensitive data from RAM
• Implement strong network security protections against MITM and traffic analysis
• Collaborate closely with backend and security engineers on protocol correctness
• Review and harden the app against real-world mobile attack vectors

Crucial Security & Privacy Skills:

• Applied Cryptography:
  • Experience implementing Signal Protocol (Double Ratchet, X3DH) or MLS (Messaging Layer Security)
  • Deep understanding of session setup, replay attack prevention, and key lifecycle management
• Secure Storage:
  • Expert knowledge of iOS Keychain and Android Keystore
  • Experience implementing SQLCipher for fully encrypted local SQLite databases
• On-Device Search:
  • Experience building in-memory, on-device search engines without leaking data
• Memory Hygiene:
  • Writing code that actively clears keys and plaintext from memory after use
• Network Security:
  • Certificate Pinning implementation
  • Experience with Tor / Orbot or similar anonymous routing is a plus
• Local AI Integration:
  • Running on-device LLMs using TensorFlow Lite, MediaPipe, or similar
  • Ensuring AI features (summarization, translation) work offline without cloud data leakage

Ideal Candidate Profile:

• Senior-level Flutter engineer with a strong security mindset
• Comfortable owning mission-critical client security decisions
• Deep understanding of mobile OS internals and attack surfaces
• Pragmatic, detail-oriented, and uncompromising about privacy and correctness