Lead Cryptography Engineer (MPC & Confidential Computing)

Wells Fargo Bank•Iselin, NJ

7h•Hybrid

About The Position

Wells Fargo is seeking a Lead Specialty Software Engineer (Cryptography Engineer) to contribute to a next-generation Digital Asset Platform designed to solve the most critical challenge in institutional finance: achieving strict regulatory compliance without compromising transaction confidentiality. As a Lead Cryptography Engineer you will be responsible for architecting the core Key Management Service (KMS). You will sit at the intersection of applied cryptography, hardware security, and distributed systems, implementing threshold signing protocols inside attested execution environments. Why Join Us? Work on "Hard" Problems: You aren't just calling crypto libraries; you are building a system where code meets hardware to solve fundamental trust problems in digital finance High-Impact Engineering: Your code will secure billions in institutional assets against nation-state level threats and insider attacks Technical Autonomy: You'll lead architectural decisions for the custody engine, defining how we leverage the latest in MPC and Confidential Computing

Requirements

5+ years of Specialty Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
3+ years of experience in backend or systems programming, with expert-level proficiency in Go (Golang)
6+ months of experience with Elliptic Curve Cryptography (ECC)
1+ year of experience with BFT consensus algorithms, P2P networking, and state replication; reliable distributed systems experience

Nice To Haves

Blockchain Core: Deep experience with Cosmos SDK and CometBFT . Comfort building custom modules and modifying consensus logic, not just deploying smart contracts
Pedersen Commitments (Homomorphic encryption properties)
Zero-Knowledge Proofs (specifically Bulletproofs or Sigma protocols)
Math-to-Code: Demonstrated ability to read academic whitepapers/preprints and translate mathematical specifications into functioning code
Experience with MPC (Multi-Party Computation) or Verifiable Secret Sharing (VSS) schemes
Familiarity with the Ristretto255 curve or libraries like gnark-crypto
Background in FinTech, payment systems, or high-frequency trading platforms
Understanding of the Account Model vs. UTXO Model trade-offs in privacy-preserving ledgers

Responsibilities

MPC Protocol Implementation: Architect and implement high-performance threshold signature schemes (specifically DKLS23 or similar) for ECDSA key generation and signing
Confidential Computing Architecture: Design and build services that run inside Trusted Execution Environments (TEEs) , specifically targeting AMD SEV-SNP and Intel TDX via Confidential Containers (CoCo)
Attestation Framework: Implement the RATS (Remote ATtestation procedureS) architecture (RFC 9334) to ensure that no key share is released until the requesting node proves its hardware and software integrity to a Key Broker Service
Hardware Security Integration: Design "Cold Ceremony" workflows that integrate offline hardware tokens as offline Key Encryption Keys (KEKs) for disaster recovery and deep storage
Secure Enclave Development: Write and optimize memory-safe code (Rust/Go) that operates on key material exclusively within encrypted memory regions, ensuring zero leakage to the host OS or hypervisor
Policy-to-Cryptography Binding: Design mechanisms to cryptographically bind business logic approvals (e.g., WebAuthn assertions) directly to the MPC signing session, eliminating the gap between "approval" and "execution"