Staff Software Engineer

 

THE WORK

 

We are seeking a new Staff Software Engineer to join the Platform Engineering team of our Custody department. In this role, you will own the design and development of secure enclave-based platforms used to isolate and protect our most critical cryptographic operations. You will engage with different trusted execution environments (TEEs) and you will define how Ripple Custody deploys highly sensitive components in strongly isolated environments while maintaining reliability, operability, and developer velocity.

You will work where distributed systems, applied cryptography, cloud infrastructure, and security engineering converge. This is a hands-on technical leadership role for someone who can design deep platform primitives, guide architecture across teams, and raise the security bar for custody infrastructure.

 

WHAT YOU'LL DO

 

• Design, build, and operate secure enclave infrastructure for cryptographic workloads, including signing, key handling, authorization, and policy enforcement.
• Develop platform abstractions that make enclave-based deployment reliable, observable, and usable by internal engineering teams.
• Evaluate and integrate trusted execution technologies across cloud providers, including AWS Nitro Enclaves, GCP confidential computing offerings, and IBM HPVS.
• Build secure communication patterns between enclaves and external services, including attestation, encrypted channels, service identity, and request validation.
• Partner with cryptography, security, infrastructure, and product engineering teams to define secure architectures for custody-critical systems.
• Lead threat modeling, design reviews, and implementation reviews for high-assurance components.
• Improve operational maturity around enclave workloads, including deployment, monitoring, incident response, key rotation, recovery, and disaster scenarios.
• Mentor senior engineers and influence technical direction across the Platform organization.
• Contribute to security standards, engineering guidelines, and long-term platform strategy.

 

WHAT YOU'LL BRING

 

• 10+ years of experience building production software, infrastructure, or distributed systems, with significant experience in security-sensitive and high-reliability environments.
• Strong hands-on programming experience in systems or backend languages such as Rust, Go, C, C++, or Java, with the ability to build reliable, maintainable services and platform components.
• Practical experience designing and operating systems that protect highly sensitive data, including secrets, cryptographic keys, signing material, or privileged workloads.
• Strong understanding of applied cryptography concepts, including encryption, digital signatures, key management, secure channels, attestation, and protection of data at rest, in transit, and in use.
• Deep knowledge of Linux, operating system fundamentals, networking, process isolation, and hardened runtime environments.
• Experience building or operating cloud-native infrastructure, including deployment automation, observability, service identity, access control, and production incident response.
• Ability to reason clearly about trust boundaries, threat models, failure modes, and defense-in-depth controls.
• Experience leading complex technical projects across teams, including architecture definition, technical design, implementation guidance, and mentoring senior engineers.
• Preferred: Hands-on experience with enclave-based or confidential computing platforms used to isolate sensitive workloads, such as AWS Nitro Enclaves, Google Confidential Space / Confidential VMs, IBM Hyper Protect Virtual Servers, Azure Confidential Computing, Intel SGX, AMD SEV-SNP, Intel TDX, or similar technologies.
• Preferred: Experience customizing Linux kernels, building minimal operating environments, hardening OS images, or working close to hardware, virtualization, or hypervisor boundaries.
• Preferred: Experience with HSMs, MPC, threshold signing, secure key ceremonies, custody infrastructure, wallet systems, payment systems, blockchain infrastructure, or other high-assurance cryptographic platforms.