Help build the next generation of Zero Trust
We're a team of technologists and operators working on hard, consequential problems in security — and we're growing
Faction is building a next generation cybersecurity platform the way it should work: with trust owned and controlled by the customer. If that mission resonates, we'd like to meet you.
The vision.
The first two generations of network security defended a perimeter, then centralized trust in cloud control planes that became the highest-value targets in the industry. Faction removes that dependency entirely: the owner holds the keys, and our infrastructure routes encrypted traffic it has no ability to read. Applied across networking, OT/IoT hardware, data, and AI, that single principle is the foundation of a platform built for the sectors that hold the nation’s digital infrastructure together — manufacturing, healthcare, energy, critical infrastructure, government, and financial services. The threat environment and the regulation are both moving in our direction, from the FCC’s action against foreign-made routers to the national reckoning over hardware and supply-chain integrity.
The engineering.
Zero-knowledge is a demanding and elegant constraint: you have to ship a seamless product while denying yourself any ability to see inside it. That discipline runs through a Rust cryptographic core, a four-layer encryption stack, owner-controlled PKI, and a distributed routing fabric — across every major platform, from phones and servers to embedded hardware in the field.
The AI frontier.
As AI agents begin acting at machine speed across networks, keeping a human in genuine, enforceable control of them becomes one of the defining problems of this decade — and a national-security problem, not just a commercial one. We believe the answer lives below the application layer, in cryptography, identity, and network architecture, where a kill switch actually works and an agent cannot manipulate and compromise cloud servers, software and vulnerable hardware to route around it.
The hardware frontier — Zero Trust to silicon.
You cannot outsource trust. Manufacturing in the United States is necessary but not sufficient; real assurance means continuous, independent verification of hardware, firmware, and components from the silicon up. We’re building toward exactly that — secure boot, cryptographic device identity, signed firmware, and controlled provisioning today, and Zero Trust principles embedded at the silicon level with post-quantum readiness as the destination. For engineers who work close to the metal — firmware, embedded, hardware security — this is a rare chance to solve a problem of real national consequence at a layer almost no one is defending.
- People who care about doing the right thing for customers, not just the easy thing.
- Curiosity and candor — we explain plainly and challenge each other directly.
- A bias for building things that are verifiable, not just impressive.
Technical Architect & Lead Engineer
Team: Engineering. Reports to the Co-Founder & CTO. Path to VP or Director of Engineering. A senior, hands-on role building the core platform alongside the CTO while setting engineering direction as the team grows. You own the integrity of the trust model — device-rooted identity and end-to-end key custody under the customer — and the architecture's evolution from a single services tier into a globally distributed fleet of encrypted meeting points backed by a smaller, tightly controlled services layer.
- Core platform architecture and production systems, hands-on.
- Deep work in cryptography, secure networking (VPN / ZTNA / WireGuard-class systems), and distributed-system design.
- Engineering direction, standards, and culture as the team expands.
- Deep applied-cryptography and secure-networking experience.
- A track record of shipping production systems hands-on, not only designing them.
- The judgment to set standards and build a team in a small group.
What you will build
You bring
Senior Backend Engineer (Rust)
Team: Backend Engineering. 1–2 openings. Build the owner-controlled Zero Trust services at the core of the platform: the certificate authority and out-of-band enrollment path, per-tenant encrypted-tunnel orchestration, capability-scoped egress (default-deny, with bounded exceptions), immediate cryptographic revocation, strict multi-tenant isolation, identity-provider federation, and tamper-evident audit. Small senior team, decisions ship quickly.
- Backend services for Zero Trust networking, identity, and encryption.
- Capability-scoped egress, revocation, and multi-tenant isolation.
- Identity-provider federation and tamper-evident audit.
- Strong Rust.
- Production experience with WireGuard or comparable secure transport, PostgreSQL, and mTLS / X.509 PKI.
- A security-first instinct: fail closed, least privilege, no implicit trust.
What you will build
You bring
Senior Backend Engineer
Build the secure, privacy-preserving backend services behind owner-controlled trust — the Zero Trust networking, identity, and encryption at the platform's core.
- Design and build backend services for Zero Trust networking, identity, and encryption.
- Work end to end across cybersecurity and digital-privacy problems, from data model to deployment.
- Write verifiable, well-tested code in a small, senior team where your decisions ship.
Applied Cryptography Engineer
Team: Engineering (Cryptography). Own customer-held key custody end to end: post-quantum hybrid key wrapping, encryption at rest with crypto-erasure on revocation, per-file keys delivered out-of-band over the network, hardware-backed key custody (Secure Enclave / StrongBox / TPM), and the PKI that binds every device's identity. Your work is what lets us say, truthfully, that a full compromise of our servers yields ciphertext and nothing more.
- Post-quantum hybrid key wrapping and encryption at rest with crypto-erasure on revocation.
- Per-file keys with out-of-band key delivery.
- Hardware-backed key custody and the device-rooted PKI.
- Real applied-cryptography experience, not only protocol reading.
- Fluency with modern KEMs and AEADs, key wrapping and rotation, and hardware key stores.
- The rigor to build systems an external cryptographic audit will pass.
What you will build
You bring
Senior Full-Stack / HTML5 Developer
Build the dashboards, analytics, and cross-platform applications customers use to own and control their networks.
- Develop responsive HTML5 dashboards and data-analytics views customers use to run their networks.
- Build cross-platform applications and AI-assisted tooling, end to end.
- Partner closely with backend and design to ship polished, trustworthy product.
Client & Application Engineer (Flutter + Rust)
Team: Product Engineering. Build the cross-platform application (iOS, Android, macOS, Windows, Linux) and the in-app Customer Dashboard that gives an owner full visibility into and control of their own network. You will move key custody to hardware-bound storage on each platform, build the customer-side command-line tooling, and stand up the optional local browser dashboard surface for delegated administrators.
- The cross-platform application and the in-app Customer Dashboard.
- Hardware-bound key storage on each platform.
- The customer-side CLI and an optional local browser dashboard surface.
- Strong Flutter / Dart with cross-platform delivery experience.
- Comfort calling into Rust over FFI.
- An eye for trustworthy, low-friction UX. Platform-native security (Keychain, AndroidKeyStore, Windows CNG / DPAPI) is a strong plus.
What you will build
You bring
Embedded / Pod Firmware Engineer
Team: Hardware & Firmware. Own the network appliances that extend a Faction network to physical sites and to devices that cannot run a client. OpenWrt-based firmware, WireGuard with crypto offload, secure boot and signed-image enforcement, dual-slot over-the-air upgrade with rollback, and on-device default-deny egress enforcement — plus helping qualify the next generation of appliance hardware.
- OpenWrt-based appliance firmware with WireGuard crypto offload.
- Secure boot, signed-image enforcement, and dual-slot OTA with rollback.
- On-device default-deny egress enforcement; help qualify new hardware.
- Embedded Linux / OpenWrt (or similar) experience.
- Comfort at the kernel / driver and bootloader layer, with hands-on hardware bring-up.
- A healthy respect for not bricking devices in the field.
What you will build
You bring
QA & Release Engineer
Team: Quality & Release. Stand up real testing for a system that runs on physical endpoints across five platforms and real networks, where cloud-only simulation is not enough. Build the test-management practice and a real-device test circuit, establish the release-to-release regression baseline, and produce the signed, time-stamped evidence corpus that supports our external cryptographic audit and your customers' compliance reviews.
- A test-management practice and a real-device test circuit.
- The release-to-release regression baseline and release gating.
- A signed, time-stamped test-evidence corpus for audit and compliance.
- Test-engineering depth, not only manual QA.
- Experience coordinating multi-device, real-network test runs.
- Comfort with test-management tooling and CI, and the discipline to make “what shipped, and what proved it” reconstructable.
What you will build
You bring
Solutions / OEM Integration Engineer
Team: Partnerships & Integration. Grows with the OEM channel. Faction is delivered in software and needs no hardware to run, which makes it embeddable. You will integrate Faction into partners' own products (so their customers are enrolled invisibly), help ship customer-branded, pre-enrolled appliances built on Faction primitives, and build the onboarding kits that work across the full range of customer technical capability — from enterprise IT to a no-IT shop that just plugs something in.
- Embedded integrations of Faction into partner products.
- Customer-branded, pre-enrolled appliances built on Faction primitives.
- Onboarding kits across the customer technical-capability spectrum.
- Integration / solutions-engineering experience.
- The ability to meet a partner’s stack where it is.
- Clear technical writing for onboarding material. Security or networking background is a strong plus.
What you will build
You bring
Every role begins as a contract engagement with a path to full-time, and combines cash compensation with incentive stock options — so you share in what you help build. We're an early-stage company doing serious, consequential work: expect range, ownership, and direct impact.
Don't see your exact role but believe you belong here? Tell us what you'd want to work on — write to careers@faction.net.
Own your trust. Keep your peace of mind.
The new threat environment calls for a new Zero Trust model. We'd welcome the chance to show you how Faction puts you in control and secures your critical systems and assets rapidly with low cost and IT overhead.