FIND_THE_RIGHTJOB.
Abu Dhabi, United Arab Emirates
What you’ll work on
· Protocol implementation (Java): Extend and harden our current Java simulation for the Bio-Hybrid TESLA flow (key chain derivation, delayed disclosure, MAC verification, time windows, key commitment, and revocation handling).
· Biometric binding: Define how iris features/quality metrics bind to TESLA key schedules without leaking PII/templates; design privacy-preserving verification artifacts.
· IoT integration: Package the protocol for edge devices (e.g., mini-PC/industrial controller) interfacing with an iris scanner (e.g., CMITech EF-45 or similar) and site networks.
· Secure storage & key management: Keystore/TPM/HSM use on server/edge; nonce handling, replay protection, and secure audit logs.
· Resilience: Handle clock drift, packet loss, lossy links, offline windows, and device compromise scenarios; DoS-aware verification.
· API & data paths: Define secure APIs between React/Django back end, Java services, and MS SQL Server; ensure encrypted transit & at-rest data with clear key rotation plans.
· Threat modeling & tests: STRIDE-style analysis, unit/prop tests for cryptographic invariants, and red-team scripts for tamper/fuzz testing.
· Documentation: Developer-ready specs, message diagrams, and ops runbooks for deployment at construction sites.
Required qualifications
· 6+ years in security engineering or applied cryptography for production systems.
· Strong Java (security, concurrency, performance) and experience with at least one of:
Kotlin, Python, C/C++ for edge utilities.
· Hands-on with TESLA-like broadcast authentication or time-based key disclosure schemes; comfort with HKDF, HMAC-SHA-256, AES-GCM/ChaCha20-Poly1305, and rolling key chains.
· IoT/edge security: device onboarding, attestation basics, secure boot, firmware signing, and field update strategies.
· Network security: TLS 1.2/1.3, mTLS, certificate pinning, API auth (JWT/OAuth service-to-service), replay defense, rate limiting.
· Data protection for biometrics: template handling, unlinkability concepts, and privacy- by-design patterns.
· Proven delivery of a security-critical component (protocol/library/service) used in production.
· Experience with biometric devices (iris or face), image/template pipelines, and liveness/quality scoring.
· Formal methods or model-checking (TLA+, ProVerif) for protocol sanity checks.
· Windows/Linux edge deployments, Docker, CI/CD, observability (OpenTelemetry).
· MS SQL Server hardening, secure logging pipelines, KMS/Key Vault (Azure/AWS).
· Bilingual UI contexts (EN/AR) awareness and data residency/regulatory familiarity in the GCC.
Apply
Email raffas@tristarsystem.com
with:
1. CV/LinkedIn + links to relevant repos or redacted code samples.
2. A short write-up (≤ 300 words) on how you’d design key disclosure and replay protection for a TESLA-style protocol over unreliable links.
3. One diagram (PNG/PDF) of a device→edge→server message flow showing time windows, keys, and logs.
Subject: Senior Security — Bio-Hybrid TESLA
Job Type: Full-time
Similar jobs
ADNOC Group
Abu Dhabi, United Arab Emirates
2 days ago
CloudJune Technologies LLC
Abu Dhabi, United Arab Emirates
2 days ago
ENCS Networks
Abu Dhabi, United Arab Emirates
2 days ago
Infotech Electromechanical
Abu Dhabi, United Arab Emirates
10 days ago
Tether Operations Limited
Abu Dhabi, United Arab Emirates
10 days ago
Sennovate
Abu Dhabi, United Arab Emirates
10 days ago
Omada Rail Systems
Abu Dhabi, United Arab Emirates
10 days ago
© 2025 Qureos. All rights reserved.