Website WELLSFARGO
Today, Wells Fargo & Company (NYSE: WFC) is a leading financial services company that has approximately $2.2 trillion in assets. We provide a diversified set of banking, investment and mortgage products and services, as well as consumer and commercial finance, through our four reportable operating segments: Consumer Banking and Lending, Commercial Banking, Corporate and Investment Banking, and Wealth & Investment Management. Wells Fargo ranked No. 33 on Fortune’s 2025 rankings of America’s largest corporations.
We are looking for a Lead Cryptography & Systems Engineer to own the architecture of our core Key Management Service (KMS). This is the engine powering our next-gen Digital Asset Platform, and it sits right at the chaotic intersection of applied math, bare-metal hardware security, and distributed systems.
This isn’t a role where you just glue APIs together. You will be designing the systems that protect billions of dollars in institutional assets, writing code that directly interacts with secure hardware to solve fundamental trust problems.
What You’ll Actually Be Doing:
- Baking MPC into Production: You’ll design and implement high-performance threshold signature schemes, specifically looking at DKLS23 or similar architectures for distributed ECDSA key generation and signing.
- Living inside the Enclave: You’ll architect services that run inside Trusted Execution Environments (TEEs), specifically targeting AMD SEV-SNP and Intel TDX using Confidential Containers (CoCo).
- Proving Trust via Attestation: You’ll build out the RATS (Remote ATtestation procedureS, RFC 9334) framework to ensure we rigorously verify hardware and software integrity before a single key share is ever released.
- Orchestrating Cold Ceremonies: You’ll design the ultimate fallback workflows—air-gapped “Cold Ceremonies” using offline hardware tokens as Key Encryption Keys (KEKs) for disaster recovery.
- Writing Bulletproof Code: You’ll write and optimize memory-safe code in Go or Rust that handles sensitive key material exclusively within isolated, encrypted memory regions.
- Closing the Execution Gap: You’ll cryptographically bind business approvals (like WebAuthn assertions) straight to the active MPC signing session, ensuring that authorization and execution are fundamentally inseparable.
Must Haves
- 5+ years in serious software engineering roles, with at least 3+ years down in the trenches of backend systems programming. You should have expert-level mastery of Go (Golang).
- 6+ months of hands-on experience dealing directly with Elliptic Curve Cryptography (ECC).
- 1+ year designing or maintaining reliable distributed systems, meaning you understand BFT consensus algorithms, P2P networking, and state replication inside and out.
The requirement list:
- Blockchain Core Experience: You’ve spent time deep in the Cosmos SDK and CometBFT, and you’re comfortable modifying consensus logic or building custom modules from scratch.
- Math-to-Code Fluency: You can pick up a fresh academic whitepaper, parse the complex mathematical notation, and translate it into clean, production-grade code.
- Advanced Crypto Tools: You’ve played with or deployed MPC, Verifiable Secret Sharing (VSS), Pedersen Commitments, and Zero-Knowledge Proofs (like Bulletproofs or Sigma protocols). Bonus points if you know your way around the Ristretto255 curve.
- FinTech Context: You come from a background in FinTech, payment infrastructure, or high-frequency trading, and you can instantly debate the architectural pros and cons of Account vs. UTXO models.
Benefits Invovled
- This is a hybrid role based out of our offices in Iselin, NJ, Columbus, OH, or Concord, CA. (Note: We can’t offer relocation assistance for this one).
- The Benefits: You’ll get comprehensive health coverage, a solid 401(k) match, plenty of PTO, parental and caregiving leave, and tuition/adoption assistance.
To apply for this job please visit www.wellsfargojobs.com.