Senior Engineer, Agentic Identity

WHAT YOU'LL DO

• Build and maintain the runtime issuer/mint: OAuth Token Exchange (RFC 8693), JWS credentials (RFC 7515/7519, SD-JWT-VC), and Merkle audit log with real-time revocation.
• Own and evolve the wire format and claim registry: JWT profile, verification_level/verification_method enums, and eIDAS/NIST IAL/FATF CDD crosswalk.
• Implement sub-millisecond JWS verification and Web Bot Auth signature checks (RFC 9421) at the HTTP edge for counterparty CDNs, merchants, and publisher paywalls.
• Build and maintain Passport - the user's cloud-resident principal account with canonical handle, KYC/KYB record, authorized-operators list, audit feed, and authenticator binding.
• Develop operator integration: embedded KYB onboarding inside first OAuth 2.0 consent, per-operator opt-in, and webhook delivery via Svix.
• Work across a Python 3.13 monorepo (FastAPI, Cloud Tasks, Cloud Run, SQLModel/SQLAlchemy) and Go for performance-critical substrate components.

MINIMUM REQUIREMENTS

• Shipped systems where cryptographic correctness was load-bearing: OAuth/OIDC IdP, token issuer, signing service, HSM-backed signer, passkey/WebAuthn flow, or similar.
• Fluent in Python and Go, or strong in one with a track record of learning the other quickly.
• Reads RFCs as primary sources and holds informed opinions on JWK thumbprint canonicalization, pairwise-sub derivation, and Signature-Input header serialization.
• Deep understanding of the distinction between identity and authorization, mandate and claim, snapshot and live state.
• Production experience with async Python on Postgres, including migration safety and observability.

WHAT SETS YOU APART

• Verifiable credentials / SSI / DID work - especially SD-JWT-VC, OID4VC, or the W3C VC stack.
• Certificate Transparency, Trillian, or similar append-only-log experience.
• KYC/KYB pipeline experience: provider abstraction, evidence retention, eIDAS/FATF CDD level mapping, ownership-chain resolution.
• Edge/CDN engineering - Cloudflare Workers, Fastly Compute, Envoy filters, or mTLS at the edge.
• Familiarity with AP2, x402, MPP, UCP, or Mastercard VI specs and how identity rides alongside mandate.

COMPENSATION

Salary Range: $195k – $300k + Equity | 0.05% – 0.25%

BENEFITS

• Time off when you need it: Flexible PTO so you can recharge without red tape
• In-person energy: We're based in SF and meet in the office 4 days a week
• Competitive compensation: We pay well and back it with equity. We want you to think and act like an owner
• Career rocket fuel: You'll help build the foundation of a high-growth startup, working side by side with experienced founders and team members who've done it before
• Benefits on us: We cover 100% of your health, dental, and vision premiums. No surprise deductions from your paycheck
• 401(k) with company match: We match your contributions so your future self benefits too
• HSA contributions included: We contribute to your HSA on applicable plans, so your coverage works as hard as you do
• Stay healthy, stay sharp: A $250 monthly gym stipend to help you bring your best self to work, and everywhere else
• A seat at the table: We believe in transparency, radical candor, and giving every team member a voice 🔥