Last active
March 22, 2026 03:23
-
-
Save 5HT/c7d83465dc976cc3abcd428adc3bbc5a to your computer and use it in GitHub Desktop.
Zen Crypted Backend Developer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Zen Crypted Backend Developer | |
| ============================= | |
| Statement of Work – Backend Developer (Elixir / Erlang / ASN.1) | |
| *Project*: Development and enhancement of secure military-grade instant messaging server | |
| *Position*: Senior/Middle Backend Developer (Elixir primary, Erlang/OTP understanding required) | |
| *Project context*: The company is building a high-security chat platform for defense/government use cases. | |
| The backend is based on the open-source CHAT server, which implements a custom ASN.1/DER-encoded protocol | |
| over TCP/QUIC with full X.509 CMS envelope encryption, OCSP/LDAP validation, ephemeral messages, | |
| and standards compliance (RFC 5280, 5652, 8551, ДСТУ 4145, etc.). | |
| Scope of Work (main deliverables): | |
| * Deep code audit and refactoring of the existing Elixir/Erlang codebase: | |
| * Review ASN.1 modules (priv/v2/CHAT-v2.asn1 + related PKIX/CMS modules) | |
| * Optimize Mnesia usage for message delivery / persistence | |
| * Harden crypto operations (crypto / public_key / ssl modules) | |
| Implementation / enhancement of military-specific features: | |
| * Integration of Ukrainian national crypto algorithms (ДСТУ 4145 / ДСТУ 4146 where applicable) | |
| * Support for post-quantum key exchange primitives (if roadmap includes) | |
| * Enhanced certificate enrollment flows (CMPv2 / EST / SCEP) | |
| * Audit logging compliant with defense standards (tamper-evident, exportable) | |
| * Granular access control and zero-trust message routing | |
| Protocol evolution: | |
| * Extend ASN.1 schema for new message types (e.g., file transfer with large attachments, | |
| voice/video signaling stubs, MLS-like group keying if required) | |
| * Implement QUIC transport improvements (0-RTT, connection migration) | |
| * Add optional federation support (via XMPP/OMEMO-like bridging or native) | |
| Security hardening & compliance: | |
| * Side-channel resistance improvements | |
| * FIPS-like mode (or equivalent) for crypto primitives | |
| * Preparation for external security audit / pentest | |
| * OCSP stapling, CRL checking, DNSSEC integration | |
| DevOps & release engineering: | |
| * Improve mix release process, Docker / systemd packaging | |
| * Monitoring / metrics (Prometheus / telemetry) | |
| * CI/CD pipeline enhancements (tests coverage > 85%) | |
| Required skills & experience (for job/CV screening): | |
| * 4+ years commercial experience with Elixir (or strong Erlang/OTP transferable) | |
| * Deep understanding of Erlang/OTP behaviors, supervision trees, gen_server / gen_statem | |
| * Experience with cryptography in production (OpenSSL / Erlang :crypto, X.509, CMS/S-MIME, ECDSA / Ed25519 / X25519) | |
| * Practical work with ASN.1 (encoding/decoding, custom compilers, BER/DER/PER) | |
| * Familiarity with PKI infrastructure (CA, OCSP, LDAP, CMP/EST) | |
| * Bonus: experience in defense/military/government projects, QUIC, post-quantum crypto, Mnesia / DETS | |
| * Understanding of secure protocol design (avoiding common pitfalls like replay / downgrade attacks) | |
| * English (Upper-Intermediate) + Ukrainian (advantage) | |
| Nice to have: | |
| * Experience with N2O.DEV, ERP.UNO open source stack | |
| * Knowledge of MLS (Messaging Layer Security) RFC | |
| Estimated engagement: Full-time / 6–12 months initial contract with extension option | |
| Success criteria: Stable, auditable server passing internal crypto verification + security review; | |
| new features merged into fork/main branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment