Senior Engineer, Agentic Identity

Posted Yesterday
Be an Early Applicant
San Francisco, CA, USA
In-Office
230K-340K Annually
Senior level
Fintech • Security • Analytics • Financial Services
Elegantly designed products (KYB, Fraud, Credit). 2,000+ Bank, Lending, and Government Clients.
The Role
Design, build, and operate a cryptographic identity substrate (issuer/mint, JWS/JWT formats, Merkle audit log, real-time revocation, Passport account service). Implement high-performance edge verification, operator integrations, and work across a Python 3.13 monorepo and Go services for production-grade, observable identity systems.
Summary Generated by Built In

ABOUT BASELAYER

Every business in America needs a bank account to exist. The system that decides whether they're real, who's behind them, and whether they're a risk, runs on infrastructure from the 1980s. We're rebuilding that layer from scratch.

Baselayer is the identity layer for institutions across the United States — the most complete business graph in America and every human tied to it. We fuse public records, IRS data, sanctions lists, web signals, and fraud telemetry from 2,200+ financial institutions into a single graph that resolves any business and the humans behind it in milliseconds. The legacy credit bureaus took 50 years to build something that gets 60% match rates. We've built something that gets 98% in under two years.

Today we're trusted by over 20% of financial institutions in America — including FIS, Rho, Socure and leading loan infrastructure providers. But the graph is becoming infrastructure for anyone who needs to know if a business is real and worth trusting: gig platforms, marketplaces, AI companies, and commerce infrastructure at scale.

Trust is the substrate of every financial transaction. We're rebuilding it.

ABOUT THE TEAM

We're solving real-time entity resolution at a scale no one else has cracked — fusing dozens of data sources into a single business identity graph and resolving any entity in milliseconds. It's a graph AI problem, a retrieval problem, and a fraud-modeling problem stacked on top of each other. The technical depth is real.

You'd be joining a small team where the data moat is defensible, the research problems are open, and the infrastructure you build becomes load-bearing for businesses. Ownership is real. Velocity is real. There's no layer of process between an idea and shipping it.

We're at an inflection point — the graph is built, the match rates speak for themselves, and the hardest problems are still ahead: graph embeddings, fraud propagation models across the business network, real-time traversal at sub-100ms latency, and expanding the identity layer beyond finance into every platform that needs to trust a business.

If you want to work on something foundational — the kind of infrastructure that gets built once and everything else runs on top of — this is it.

ABOUT THE ROLE

AI agents are beginning to act on behalf of people and businesses against publishers, banks, payment networks, and APIs. Every counterparty today answers identity questions on its own - self-asserted API keys, third-party cookies, pixel trackers. That model breaks the moment the actor is an agent. We're building KYA (Know Your Agent) - a cryptographic identity substrate that replaces self-assertion with third-party-issued credentials, verifiable by any counterparty. We're hiring an engineer to own a meaningful surface of the substrate - issuer mint, edge verification, Passport, or Merkle audit log - and ship it to production.

WHAT YOU'LL DO

  • Build and maintain the runtime issuer/mint: OAuth Token Exchange (RFC 8693), JWS credentials (RFC 7515/7519, SD-JWT-VC), and Merkle audit log with real-time revocation.
  • Own and evolve the wire format and claim registry: JWT profile, verification_level/verification_method enums, and eIDAS/NIST IAL/FATF CDD crosswalk.
  • Implement sub-millisecond JWS verification and Web Bot Auth signature checks (RFC 9421) at the HTTP edge for counterparty CDNs, merchants, and publisher paywalls.
  • Build and maintain Passport - the user's cloud-resident principal account with canonical handle, KYC/KYB record, authorized-operators list, audit feed, and authenticator binding.
  • Develop operator integration: embedded KYB onboarding inside first OAuth 2.0 consent, per-operator opt-in, and webhook delivery via Svix.
  • Work across a Python 3.13 monorepo (FastAPI, Cloud Tasks, Cloud Run, SQLModel/SQLAlchemy) and Go for performance-critical substrate components.

MINIMUM REQUIREMENTS

  • Shipped systems where cryptographic correctness was load-bearing: OAuth/OIDC IdP, token issuer, signing service, HSM-backed signer, passkey/WebAuthn flow, or similar.
  • Fluent in Python and Go, or strong in one with a track record of learning the other quickly.
  • Reads RFCs as primary sources and holds informed opinions on JWK thumbprint canonicalization, pairwise-sub derivation, and Signature-Input header serialization.
  • Deep understanding of the distinction between identity and authorization, mandate and claim, snapshot and live state.
  • Production experience with async Python on Postgres, including migration safety and observability.

WHAT SETS YOU APART

  • Verifiable credentials / SSI / DID work - especially SD-JWT-VC, OID4VC, or the W3C VC stack.
  • Certificate Transparency, Trillian, or similar append-only-log experience.
  • KYC/KYB pipeline experience: provider abstraction, evidence retention, eIDAS/FATF CDD level mapping, ownership-chain resolution.
  • Edge/CDN engineering - Cloudflare Workers, Fastly Compute, Envoy filters, or mTLS at the edge.
  • Familiarity with AP2, x402, MPP, UCP, or Mastercard VI specs and how identity rides alongside mandate.

WORK LOCATION

  • Based in SF; hybrid 4 days per week in office.

COMPENSATION

  • Salary Range: $230,000 – $340,000 + Equity

BENEFITS

  • Time off when you need it: Flexible PTO so you can recharge without red tape
  • In-person energy: We're based in SF and meet in the office 4 days a week
  • Competitive compensation: We pay well and back it with equity. We want you to think and act like an owner
  • Career rocket fuel: You'll help build the foundation of a high-growth startup, working side by side with experienced founders and team members who've done it before
  • Benefits on us: We cover 100% of your health, dental, and vision premiums. No surprise deductions from your paycheck
  • 401(k) with company match: We match your contributions so your future self benefits too
  • HSA contributions included: We contribute to your HSA on applicable plans, so your coverage works as hard as you do
  • Stay healthy, stay sharp: A $250 monthly gym stipend to help you bring your best self to work, and everywhere else
  • A seat at the table: We believe in transparency, radical candor, and giving every team member a voice 🔥

Skills Required

  • Shipped systems where cryptographic correctness was load-bearing (e.g., OAuth/OIDC IdP, token issuer, signing service, HSM-backed signer, passkey/WebAuthn flow).
  • Fluent in Python and Go, or strong in one with track record of learning the other quickly.
  • Deep familiarity reading RFCs and applied knowledge of JWK thumbprint canonicalization, pairwise-sub derivation, and Signature-Input header serialization.
  • Deep understanding of identity vs authorization, mandate vs claim, and snapshot vs live state.
  • Production experience with async Python on Postgres, including migration safety and observability.
  • Experience working in a monorepo with FastAPI and modern Python (3.13) and contributing to performance-critical Go components.
  • Experience implementing OAuth Token Exchange, JWS/JWT profiles, and real-time revocation or audit logs (Merkle/append-only logs).
  • Experience integrating webhooks and operator onboarding flows (e.g., Svix) and building HTTP-edge verification.
  • Verifiable credentials / SSI / DID / SD-JWT-VC / OID4VC / W3C VC experience.
  • Append-only log experience (Certificate Transparency, Trillian) or similar.
  • Edge/CDN engineering experience (Cloudflare Workers, Fastly Compute, Envoy filters, mTLS).
  • KYC/KYB pipeline experience, provider abstraction, eIDAS/FATF CDD mapping, ownership-chain resolution.
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Chandler, AZ
21 Employees
Year Founded: 2021

What We Do

Baselayer empowers over 2,000 financial institutions and government agencies to trust the small and medium-sized businesses they serve. We use proprietary machine learning to search government records, the web, and private databases to answer questions about Compliance, Risk, or Fraud about any business in the United States. Our solution suite includes tools for identity verification (Know Your Business), enhanced due diligence, fraud prevention, risk profiling, lien filing, and portfolio monitoring. Our platform also offers unique credit stacking capabilities and an advanced repeat fraud prevention system. Baselayer is integrated into companies with over 30 million accounts, rating and verifying real-time applications. Baselayer.com

Similar Jobs

Zscaler Logo Zscaler

Senior Director, Public Sector Sales Operations

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
USA
8697 Employees
232K-290K Annually

Snap! Mobile Logo Snap! Mobile

Sales Representative

Edtech • Fintech • Sports
Easy Apply
In-Office
Temecula, CA, USA
350 Employees

Pluralsight Logo Pluralsight

Director Analytics Engineering

Edtech • Information Technology • Software
Remote or Hybrid
USA
1000 Employees
167K-220K Annually

CSC Logo CSC

Associate Tax Research Specialist

Fintech • Legal Tech • Software • Financial Services • Cybersecurity • Data Privacy
Remote or Hybrid
2 Locations
8500 Employees
58K-73K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account