Qureos

Senior Security Engineer — Bio-Hybrid TESLA (IoT & Biometrics)

Abu Dhabi, United Arab Emirates

What you’ll work on

· Protocol implementation (Java): Extend and harden our current Java simulation for the Bio-Hybrid TESLA flow (key chain derivation, delayed disclosure, MAC verification, time windows, key commitment, and revocation handling).

· Biometric binding: Define how iris features/quality metrics bind to TESLA key schedules without leaking PII/templates; design privacy-preserving verification artifacts.

· IoT integration: Package the protocol for edge devices (e.g., mini-PC/industrial controller) interfacing with an iris scanner (e.g., CMITech EF-45 or similar) and site networks.

· Secure storage & key management: Keystore/TPM/HSM use on server/edge; nonce handling, replay protection, and secure audit logs.

· Resilience: Handle clock drift, packet loss, lossy links, offline windows, and device compromise scenarios; DoS-aware verification.

· API & data paths: Define secure APIs between React/Django back end, Java services, and MS SQL Server; ensure encrypted transit & at-rest data with clear key rotation plans.

· Threat modeling & tests: STRIDE-style analysis, unit/prop tests for cryptographic invariants, and red-team scripts for tamper/fuzz testing.

· Documentation: Developer-ready specs, message diagrams, and ops runbooks for deployment at construction sites.

Required qualifications

· 6+ years in security engineering or applied cryptography for production systems.

· Strong Java (security, concurrency, performance) and experience with at least one of: Kotlin, Python, C/C++ for edge utilities.

· Hands-on with TESLA-like broadcast authentication or time-based key disclosure schemes; comfort with HKDF, HMAC-SHA-256, AES-GCM/ChaCha20-Poly1305, and rolling key chains.

· IoT/edge security: device onboarding, attestation basics, secure boot, firmware signing, and field update strategies.

· Network security: TLS 1.2/1.3, mTLS, certificate pinning, API auth (JWT/OAuth service-to-service), replay defense, rate limiting.

· Data protection for biometrics: template handling, unlinkability concepts, and privacy-by-design patterns.

· Proven delivery of a security-critical component (protocol/library/service) used in production.

· Experience with biometric devices (iris or face), image/template pipelines, and liveness/quality scoring.

· Formal methods or model-checking (TLA+, ProVerif) for protocol sanity checks.

· Windows/Linux edge deployments, Docker, CI/CD, observability (OpenTelemetry).

· MS SQL Server hardening, secure logging pipelines, KMS/Key Vault (Azure/AWS).

· Bilingual UI contexts (EN/AR) awareness and data residency/regulatory familiarity in the GCC.

Apply

Email raffas@tristarsystem.com / raffas66@icloud.com with:

1. CV/LinkedIn + links to relevant repos or redacted code samples.

2. A short write-up (≤ 300 words) on how you’d design key disclosure and replay protection for a TESLA-style protocol over unreliable links.

3. One diagram (PNG/PDF) of a device→edge→server message flow showing time windows, keys, and logs.

Subject: Senior Security — Bio-Hybrid TESLA

Job Type: Full-time