Senior Application Security Engineer (Cryptography)
About the Role
We are looking for a Senior Application Security Engineer (Cryptography) to join a Client’s team building a Zero-Knowledge, privacy-first product.
This role is for an internal adversary and cryptography architect — someone who validates that our Zero-Knowledge and security claims are mathematically sound, not just marketing statements.
Your mission is to actively attack our own system, identify cryptographic flaws, detect metadata leaks, and prevent key compromise before real attackers do.
Location: Remote
Cooperation Type: Full-time, long-term
Experience Level: Senior
Start: ASAP
Responsibilities
• Audit and validate cryptographic protocols (Signal Protocol, MLS, Zero-Knowledge Proofs / ZK-SNARKs)
• Review and assess security-critical implementations in mobile and backend systems
• Conduct threat modeling for Zero Trust and Zero-Knowledge architectures
• Identify vulnerabilities in mobile applications and cryptographic flows
• Perform security code reviews in Swift, Kotlin, and Java
• Execute penetration testing and security assessments using Burp Suite, Frida, Wireshark, Ghidra
• Perform mobile application security analysis (SAST / DAST)
• Design and review Private Set Intersection (PSI) schemes for secure contact discovery
• Audit secure local storage and offline-first encryption strategies (SQLCipher, Encrypted SQLite)
• Validate hardware-backed security usage (Secure Enclave / Android Keystore)
• Detect and mitigate metadata leaks, privacy risks, and key compromise threats
• Work closely with engineering teams to fix vulnerabilities and improve system security
• Document findings, security recommendations, and cryptographic risks
Requirements
• 6+ years of experience in application security, cryptography, or security engineering
• Deep understanding of cryptographic protocols (Signal Protocol, MLS, Zero-Knowledge Proofs / ZK-SNARKs)
• Strong knowledge of applied cryptography and encryption principles
• Experience reviewing and auditing security-critical code in Swift, Kotlin, or Java
• Experience with mobile application security and client-side threat models
• Hands-on experience with penetration testing tools (Burp Suite, Frida, Wireshark, Ghidra)
• Experience conducting SAST / DAST and mobile security assessments
• Experience designing or reviewing Private Set Intersection (PSI) solutions
• Experience with threat modeling for Zero Trust architectures
• Strong understanding of secure local storage and offline-first encryption (SQLCipher, encrypted SQLite)
• Familiarity with hardware-backed security (Secure Enclave, Android Keystore)
• Ability to think like an attacker and proactively break systems before others do
• English: Upper-Intermediate or higher
Nice to Have
• Experience working on Zero-Knowledge systems in production
• Experience with formal cryptographic verification or research
• Experience with reverse engineering mobile applications
• Background in security research, bug bounty, or CTFs
• Experience with privacy-preserving systems or anonymous networks
• Contributions to open-source security or cryptography projects
What We Offer
• Competitive compensation according to your experience (gross system)
• Fully remote work and long-term cooperation
• Opportunity to work on a deeply technical, cryptography-heavy security role
• Direct impact on core Zero-Knowledge and privacy architecture
• Fast hiring process and quick decision
• Supportive engineering culture focused on security, correctness, and ownership
What happens after you apply
• Quick CV review
• Short recruiter call
• Technical interview with the LITSLINK team
• Technical deep-dive with the Client
• Fast decision & offer
Required skills experience
| Application Security | 5 years |
| Cryptography | 4 years |
| Cryptographic Protocols | 3 years |
| Threat Modeling | 3 years |
| Zero Trust Security | 3 years |
| Penetration Testing | 3 years |
| Mobile Application Security | 3 years |
| SAST/DAST | 3 years |
| Secure Local Storage | 2 years |
| Hardware-backed Security | 2 years |
| Code Review | 2 years |
| Private Set Intersection (PSI) | 2 years |
| Privacy Engineering / Metadata Protection | 2 years |
Required domain experience
| Security | 5 years |
| Mobile | 3 years |
Required languages
| English | B2 - Upper Intermediate |