Statement of Work — Backend Engineer (Elixir / Erlang / ASN.1)
- Project: Development and enhancement of secure military-grade instant messaging server
- Position: Senior/Middle Backend Engineer (Elixir primary, Erlang/OTP understanding required)
- Project context: The company is building a high-security chat platform for defense/government use cases. The backend is based on the open-source CHAT server, which implements a custom ASN.1/DER-encoded protocol over TCP/QUIC with full X.509 CMS envelope encryption, OCSP/LDAP validation, ephemeral messages, and standards compliance (RFC 5280, 5652, 8551, ДСТУ 4145, etc.).
Scope of Work (main deliverables):
Code Governance
Deep code audit and refactoring of the existing Elixir/Erlang codebase:
- Review ASN.1 modules (priv/v2/CHAT-v2.asn1 + related PKIX/CMS modules)
- Optimize Mnesia usage for message delivery / persistence
- Harden crypto operations (crypto / public_key / ssl modules)
- Implementation / enhancement of military-specific features:
- Integration of Ukrainian national crypto algorithms (ДСТУ 4145 / ДСТУ 4146 where applicable)
- Support for post-quantum key exchange primitives (if roadmap includes)
- Enhanced certificate enrollment flows (CMPv2 / EST / SCEP)
- Audit logging compliant with defense standards (tamper-evident, exportable)
- Granular access control and zero-trust message routing
Protocol Evolution
- Extend ASN.1 schema for new message types (e.g., file transfer with large attachments, voice/video signaling stubs, MLS-like group keying if required)
- Implement QUIC transport improvements (0-RTT, connection migration)
- Add optional federation support (via XMPP/OMEMO-like bridging or native)
Security hardening & compliance
- Side-channel resistance improvements
- FIPS-like mode (or equivalent) for crypto primitives
- Preparation for external security audit / pentest
- OCSP stapling, CRL checking, DNSSEC integration
DevOps & release engineering
- Improve mix release process, Docker / systemd packaging
- Monitoring / metrics (Prometheus / telemetry)
- CI/CD pipeline enhancements (tests coverage > 85%)
Required skills & experience (for job/CV screening)
- 4+ years commercial experience with Elixir (or strong Erlang/OTP transferable)
- Deep understanding of Erlang/OTP behaviors, supervision trees, gen_server / gen_statem
- Experience with cryptography in production (OpenSSL / Erlang :crypto, X.509, CMS/S-MIME, ECDSA / Ed25519 / X25519)
- Practical work with ASN.1 (encoding/decoding, custom compilers, BER/DER/PER)
- Familiarity with PKI infrastructure (CA, OCSP, LDAP, CMP/EST)
- Experience in defense/military/government projects, QUIC, post-quantum crypto, Mnesia / DETS
- Understanding of secure protocol design (avoiding common pitfalls like replay / downgrade attacks)
- English (Upper-Intermediate) + Ukrainian (advantage)
- PhD or Master degree in Computer Science or Mathematics.
Nice to have
- Experience with N2O.DEV, ERP.UNO open source stack
- Knowledge of MLS (Messaging Layer Security) RFC
- Estimated engagement & Success criteria:
Estimated engagement: Full-time / 6–12 months initial contract with extension option
Success criteria: Stable, auditable server passing internal crypto verification + security review; new features merged into fork/main branch.
Statement of Work — Backend Engineer (Elixir / Erlang / ASN.1)
Scope of Work (main deliverables):
Code Governance
Deep code audit and refactoring of the existing Elixir/Erlang codebase:
Protocol Evolution
Security hardening & compliance
DevOps & release engineering
Required skills & experience (for job/CV screening)
Nice to have
Estimated engagement: Full-time / 6–12 months initial contract with extension option
Success criteria: Stable, auditable server passing internal crypto verification + security review; new features merged into fork/main branch.