Zen Crypted Backend Engineer
Statement of Work — Backend Engineer (Elixir / Erlang / ASN.1)
Project: Development and enhancement of a secure military-grade instant messaging server
Position: Senior/Middle Backend Engineer (Elixir primary, Erlang/OTP understanding required)
Project context: The company is building a high-security chat platform for defense/government use cases. The backend is based on the open-source CHAT server, which implements a custom ASN.1/DER-encoded protocol over TCP/QUIC with full X.509 CMS envelope encryption, OCSP/LDAP validation, ephemeral messages, and standards compliance (RFC 5280, 5652, 8551, ДСТУ 4145, etc.).
Scope of Work (main deliverables):
Deep code audit and refactoring of the existing Elixir/Erlang codebase:
- Review ASN.1 modules (priv/v2/CHAT-v2.asn1 + related PKIX/CMS modules)
- Optimize Mnesia usage for message delivery / persistence
- Harden crypto operations (crypto / public_key / ssl modules)
Implementation / enhancement of military-specific features:
- Integration of Ukrainian national crypto algorithms (ДСТУ 4145 / ДСТУ 4146 where applicable)
- Support for post-quantum key exchange primitives (if included in the roadmap)
- Enhanced certificate enrollment flows (CMPv2 / EST / SCEP)
- Audit logging compliant with defense standards (tamper-evident, exportable)
- Granular access control and zero-trust message routing
Protocol evolution:
- Extend ASN.1 schema for new message types (e.g., file transfer with large attachments, voice/video signaling stubs, MLS-like group keying if required)
- Implement QUIC transport improvements (0-RTT, connection migration)
- Add optional federation support (via XMPP/OMEMO-like bridging or native)
Security hardening & compliance:
- Side-channel resistance improvements
- FIPS-like mode (or equivalent) for crypto primitives
- Preparation for external security audit / pentest
- OCSP stapling, CRL checking, DNSSEC integration
DevOps & release engineering:
- Improve mix release process, Docker / systemd packaging
- Monitoring / metrics (Prometheus / telemetry)
- CI/CD pipeline enhancements (test coverage > 85%)
Required skills & experience (for job/CV screening):
- 4+ years commercial experience with Elixir (or strong Erlang/OTP transferable)
- Deep understanding of Erlang/OTP behaviors, supervision trees, gen_server / gen_statem
- Experience with cryptography in production (OpenSSL / Erlang :crypto, X.509, CMS/S-MIME, ECDSA / Ed25519 / X25519)
- Practical work with ASN.1 (encoding/decoding, custom compilers, BER/DER/PER)
- Familiarity with PKI infrastructure (CA, OCSP, LDAP, CMP/EST)
- Experience in defense/military/government projects, QUIC, post-quantum crypto, Mnesia / DETS
- Understanding of secure protocol design (avoiding common pitfalls like replay / downgrade attacks)
- English (Upper-Intermediate) + Ukrainian (advantage)
- PhD or Master's degree in Computer Science or Mathematics.
Nice to have:
- Experience with N2O.DEV, ERP.UNO open source stack
- Knowledge of MLS (Messaging Layer Security) RFC
Estimated engagement & Success criteria:
- Estimated engagement: Full-time / 6–12 months initial contract with extension option
- Success criteria: Stable, auditable server passing internal crypto verification + security review; new features merged into fork/main branch.