Zen Crypted Client Engineer

Statement of Work — Client Engineer (Swift / iOS / ASN.1)

Project: Development and enhancement of secure military-grade iOS chat client
Position: iOS Engineer (Swift, security-focused)
Project context: The client is based on the open-source Chat X.509 for iOS, a server-less proof-of-concept using multicast UDP + X.509 certs for local encrypted messaging. The goal is to evolve it into a full client for the custom Elixir server (TCP/QUIC + ASN.1/DER protocol), with end-to-end X.509 CMS encryption and military-grade security.

Scope of Work (main deliverables):

Migration & refactoring from multicast UDP to client-server model:

• Replace UDP multicast with TCP/QUIC transport
• Implement full ASN.1/DER parser & serializer (using existing CHAT.asn1 schema)
• Integrate with backend protocol (AUTH, PRESENCE, MESSAGE, ROSTER, PROFILE, etc.)

Cryptographic core implementation:

• X.509 certificate handling (import, validation, chain building, OCSP stapling)
• CMS envelope encrypt/decrypt + sign/verify for every message
• Key management (private key in Secure Enclave, biometric protection)
• Support for ДСТУ national algorithms if required by client

UI/UX for military use case:

• Secure chat interface (threads, roster, presence, read receipts)
• Offline message queue + synchronization
• Minimalist, high-contrast UI suitable for field/gloved use
• Ephemeral / self-destructing messages support

Security & hardening:

• App Transport Security (ATS) compliance + custom pinning
• Jailbreak / debugger detection
• Data protection (NSFileProtectionCompleteUnlessOpen)
• Secure local storage (Keychain + encrypted SQLite / DataProtection)

Testing & release:

• Unit tests for crypto & ASN.1 logic (> 80% coverage)
• Integration tests with backend server
• Prepare for TestFlight / enterprise distribution
• Documentation for crypto verification / licensing needs

Required skills & experience (for job/CV screening):

• 4+ years commercial iOS development (Swift 5+)
• Strong experience with Security framework, CommonCrypto, CryptoKit
• Practical work with X.509 certificates, ASN.1 parsing (e.g. via Swift-ASN.1 or custom)
• Understanding of end-to-end encryption protocols (Signal-like, CMS/S-MIME)
• Experience with networking (URLSession, NWConnection, QUIC if possible)
• Familiarity with Secure Enclave, biometric auth (Face ID / Touch ID)
• English (Upper-Intermediate) + Ukrainian (advantage)
• PhD or Master degree in Computer Science or Mathematics.

Nice to have:

• Experience with military/government/defense apps (secure comms, STIG compliance)
• Background in cryptography / PKI on mobile
• Previous work with multicast UDP or local-network protocols
• Knowledge of Swift Package Manager for crypto libs

Estimated engagement & Success criteria:

• Estimated engagement: Full-time / 6–12 months initial contract with extension option
• Success criteria: Fully functional iOS client connecting to the custom server, passing end-to-end encryption verification, ready for security audit / field testing.