DTII (Digital Trust Infrastructure India) is a Pune-based deep-tech company building foundational infrastructure for verifiable digital identity and trusted document workflows in India. We operate at the intersection of hardware security, cryptographic systems, and regulatory compliance — developing the layer that sits beneath critical digital operations across professional, enterprise, and government-adjacent domains. Our work is infrastructure-grade, standards-driven, and built for national scale.
ROLECryptographic Systems Engineer Location: Pune, India (On-site) Function: Engineering — Cryptography & Security
ABOUT THE ROLE This is one of the most technically specialized roles in our organisation. We are looking for a cryptography engineer who has not merely integrated cryptographic libraries — but has written them. You will be working on the PKI layer at the heart of our hardware-backed trust platform, implementing provider-level cryptographic modules that must operate correctly under adversarial conditions and regulatory scrutiny.
This role demands exceptional depth in systems-level security programming and a genuine understanding of how cryptographic protocols behave at the implementation level, not just on paper.
WHAT YOU'LL DO
- Design, implement, and maintain PKCS#11 provider-level modules in C/C++ — including writing or modifying Cryptoki-compliant libraries from scratch
- Build and manage secure memory handling routines: explicit zeroing, memory-locked buffers, guard pages
- Implement Windows DLL and Linux .so provider registration for cryptographic middleware
- Integrate with HSMs and secure hardware elements; design and test key lifecycle management flows
- Work on TLS 1.3 stack integration and ensure protocol-level correctness
- Collaborate with the firmware and cloud relay engineering teams to ensure end-to-end cryptographic integrity across the system stack
- Contribute to PKI architecture decisions, including certificate issuance, revocation, and audit trail design
- Support compliance reviews and cryptographic audits aligned with India's IT Act, CCA guidelines, and DPDP framework
WHAT WE'RE LOOKING FOR
Must-have:
- 5+ years in systems-level security programming with a focus on cryptographic implementations
- Demonstrated experience writing or modifying a Cryptoki-compliant PKCS#11 library (not merely integrating one) — this is non-negotiable
- Deep familiarity with at least one of: OpenSC, SoftHSM, Mozilla NSS, or OpenSSL engine development
- Strong command of C and C++; experience with low-level memory management in security-sensitive contexts
- Sound understanding of applied cryptography: ECC, RSA, AES, SHA-2/SHA-3, X.509, PKCS standards
Good to have:
- Exposure to FIDO2 / WebAuthn standards
- Familiarity with Common Criteria evaluation processes or EMVCo
- Experience with hardware security modules (Thales HSM, AWS CloudHSM, or equivalent)
- Prior work in DRDO, defence-grade cryptography environments, or national identity infrastructure
- Contributions to open-source projects (OpenSC, NSS, GnuTLS etc.) — GitHub profile will be reviewed
