Job Description
Cloudetica Solutions is looking for a Blockchain Engineer: a hands-on applied-cryptography professional with expertise in implementing blockchain solutions on AWS, engaged on a casual, project-by-project basis. You’ll design and operate our PKI (AWS Private CA) and build the platform’s hash-notarization layer anchored on Amazon Managed Blockchain (Hyperledger Fabric). You will implement mTLS, certificate lifecycle, verify-by-hash APIs, and audit-ready evidence, working closely with our platform teams (API Gateway, Lambda, Step Functions, Data Engineering).
Key Responsibilities
PKI Architecture & Lifecycle
- Design a standards-compatible PKI: CP/CPS, hierarchy (root/intermediate), private OIDs and custom EKUs, naming conventions.
- Implement issuance/rotation and revocation (CRL distribution; short-lived certs; OCSP if required).
- Enforce mTLS for service-to-service and external API paths; integrate with AWS KMS (CloudHSM optional).
Ledger Notarization & Verification (Amazon Managed Blockchain)
- Stand up AMB (Hyperledger Fabric) network membership, channels, ordering, and peers.
- Author and operate chaincode (Go or Node.js) for storing SHA-256/Merkle proofs and supporting verification queries.
- Define endorsement policies, access controls, monitoring, backup/restore, and DR runbooks for the ledger.
Secure Service Integration & Controls
- Collaborate with platform teams to embed PKI and notarization into workflows (API Gateway, Lambda, EventBridge, Step Functions).
- Define verify-by-hash and proof retrieval APIs (OpenAPI/JSON), rate limits, and idempotency patterns.
- Instrument logs/metrics/traces (CloudWatch/OpenTelemetry) and route to Security Lake/SIEM.
Documentation, Evidence & Readiness
- Produce CP/CPS, key-ceremony procedures, cert profiles, and relying-party guides.
- Generate evidence bundles for audits (tamper-evidence, inclusion/consistency proofs, time-stamping).
- Contribute to IR/DR tabletop exercises and cutover plans.
Continuous Improvement & Collaboration
- Codify PKI and ledger resources with Terraform (or CDK), add CI/CD checks (GitHub Actions).
- Advise on secret management, TLS termination choices, and certificate rotation playbooks.
- Mentor engineers on mTLS, OAuth/OIDC/JWT boundaries, and zero-trust patterns.
Qualifications
- Proven experience in PKI / applied cryptography (X.509, ASN.1, EKU, revocation, key ceremonies).
- Hands-on with AWS Private CA and AWS KMS (CloudHSM a plus).
- Proven experience with Amazon Managed Blockchain (Hyperledger Fabric)—network ops and chaincode lifecycle.
- Practical mTLS enablement at scale; familiarity with OAuth2/OIDC/JWT in adjacent systems.
- Strong IaC habits (Terraform or AWS CDK) and secure SDLC; excellent written documentation skills.
Preferred
- AWS/Security certifications such as CISSP, CISM, AWS Solutions Architect – Professional or AWS Certified Security – Specialty.
- Familiarity with serverless architectures and securing Lambda/API Gateway patterns.
- Merkle-tree inclusion/consistency proofs; transparency-log concepts.
- Experience anchoring to a public chain as a secondary trust anchor (not required here).
- Regulated fintech exposure (evidence packs, segregation of duties).
- Go or Node.js for chaincode; experience with Security Lake/Splunk/Sentinel.
Format of Work
- Fully remote, part-time, casual engagement.
- Hourly compensation, invoiced monthly.
- Collaboration via Slack, Trello, GitHub, and regular video calls.
Interview Process
- Behavioral Discussion: Walk us through a PKI you designed (issuance, rotation, revocation, compromise recovery) and a ledger/notarization implementation you shipped.
- Technical Case Study: Design a verify-by-hash service anchored on Amazon Managed Blockchain: chaincode model, endorsement policy, API shape, failure modes, and evidence generation.
- White-board Exercise: Architect mTLS for a multi-account AWS microservice path (API Gateway → Lambda → Step Functions) with certificate rotation, CRL/OCSP strategy, and relying-party validation—plus DR/backup for the ledger.
Job Type: Part-time
Application Question(s):
- What would your monthly salary expectation be in IDR (assuming full-time, although payment will be made at an hourly rate)?
- Could you describe your experience in working with blockchain development, including with Amazon Managed Blockchain?