Ockam logo

Command Line Design Engineer - Rust

Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.

Number of employees


Dollar sign

147k-228k USD

AI flag AG flag AR flag Americas only
In this role, you will be responsible for designing and developing Ockam's Open Source Command Line.
Ockam crates implement a collection of messaging and cryptographic protocols that provide end-to-end application layer trust in data. We believe that, in order to have a realistically manageable vulnerability surface, all modern applications need end-to-end guarantees of data integrity and authenticity. The only way to build secure and private applications is to remove unnecessary implicit trust in network boundaries, intermediaries and infrastructure.
As a Command Line Design Engineer, you will play a crucial role in developing and improving our command line interface (CLI) tools, ensuring they deliver a seamless and user-friendly experience. You will need to combine your expertise in Rust programming with a strong focus on user experience (UX) design to create efficient and intuitive command line interfaces that meet the needs of our customers.
The Ockam team is passionate about making powerful cryptographic protocols simple and safe for application developers. In this role you will collaborate across the Ockam Engineering team to deliver a safe, secure, stable, well-documented, easy to use, 100% open source Rust command line.


  • Strong proficiency in Rust programming language, with a proven track record of developing robust and efficient command line applications.
  • Experience with user experience (UX) design principles and methodologies, and a demonstrated ability to create intuitive and user-friendly interfaces.
  • Customer empathy and the ability to understand user needs and translate them into effective design solutions.
  • Excellent problem-solving and debugging skills, with a keen attention to detail.
  • Building components in complex code bases.
  • Modern build systems, CI/CD pipelines and DevOps.
  • Consuming and contributing to open source codebases.
  • Git and GitHub's workflow.
  • Strong communication and collaboration skills, with the ability to work effectively in a team environment.


  • 7+ years of experience building low-level and backend systems.
  • Distributed systems, Actor based concurrent systems and Messaging Protocols.
  • Provisioning and operating basic cloud services in AWS, Azure or Google Cloud.
  • Familiarity with multiple programming languages


Your Roadmap at Ockam, within 1 month, you'll:

  • Learn about how Ockam’s Rust Command and Ockam Orchestrator work.
  • Have 1x1s and pairing sessions with the team members that you’ll be working with closely and get to know your engineering peers.
  • Do a deep dive into the code base and learn more about the inner workings of our Rust Command.
  • Learn about what processes our team currently has in place and how we get work done.
  • Tackle your first ticket by committing code to one of our repos.

Within 3 months, you'll:

  • Gain a robust understanding of the needs of Ockam Command, Ockam API and Ockam libraries from the user's perspective
  • Design, architect, and deliver your first large feature
  • Guide your peers that you work with on areas of improvement on the technical side as well as the process side
  • Establish strong async and sync communication rhythms with your peers and management, practicing transparency and visibility in your progress and areas of focus
  • Celebrate the major win of having your work being used and valued by our users
  • Solicit feedback from your peers, including other engineers and teammates in your product team, and support your team through thoughtful feedback

Within 6 months, you'll:

  • Have conversations with our users and quickly understand how a feature needs to be added and lead architectural discussions for Ockam Command
  • Elevate the work of the team and become a subject matter expert in an area that interests you
  • Continue to contribute to our Open Source libraries and Ockam Command
  • Fortify relationships with cross functional team members as well as broaden your connections across the organization
  • Coach and mentor team members

Within 12 months, you'll:

  • Have significant ownership, making extensive contributions to a large system that enables customers to establish trusted channels between applications.
  • Drive initiatives with high-impact on the business and our customers.
  • Extensively collaborate with engineering management the executive team to level up the organization and continually improve our product.
Ockam is a growing company. The above is a high-level of what we see this role will comprise of at this point in time. We’re always learning and iterating and we evolve accordingly.


Not sure you meet 100% of our qualifications? Please apply anyway!
When applying, in addition to your resume, LinkedIn, and GitHub URLs, we’d love to know more about:
1. Your Open Source history - your experience with open source projects and contributions
2. A cover letter with a short blurb about why you would enjoy working in this role and why you’d like to work at Ockam would be great, though not required and will not impact your application.
When we receive your application we’ll get back to you about the next steps.
We are devoted to building a team of people with diverse backgrounds and lifestyles. We hire globally and believe that the unique perspectives and contributions of all our team members is the driver of our success.
Driving equality empowers our team, enables us to innovate, and helps us maintain a more inclusive environment. We don’t discriminate against anyone based on gender identity or expression, sexual orientation, religion, age, race, military/veteran status, citizenship, pregnancy status, or any other differences.
If we can do anything to provide a better interview, i.e. accommodate a disability, then please let us know.
Ockam is a distributed, remote-first team with a headquarters in San Francisco California.

About this role

July 26th, 2023

May 27th, 2023

Full Time

Dollar sign

147k-228k USD

Show UTC offsets
Ockam is hiring for this role in these timezones.
All Americas timezones (+/- 0 hours)

Apply now

Job expired?

Please let Ockam know you found this job on Himalayas. This will help us grow!

About Ockam

Learn about Ockam and their company culture.

View company profile

Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.

Trust for Data-in-Motion

Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data. To trust data-in-motion, applications need end-to-end guarantees of data integrity, authenticity, and privacy.

Ockam empowers you with simple tools to add these controls and guarantees to any application.

Powerful Protocols, Made Simple

To be private and secure by design, applications must have granular control over every trust and access decision.

This requires a variety of complex cryptographic and messaging protocols to work together in a secure and scalable way.

Developers have to think about creating unique cryptographic keys and issuing credentials to all application entities. They have to design ways to safely store secrets in hardware and securely distribute roots of trust. They must setup communication channels that guarantee data authenticity and integrity. They must enforce authorization policies. They also need protocols that rotate and revoke credentials.

All of this gets very complicated, very quickly.

At Ockam, our mission is to empower every developer with simple tools to create applications that build trust in data.

We’ve taken proven cryptographic protocols and made them easy to use on the command line or invoke as a programming library. We handle all the underlying complexity and give you high-level and composable building blocks to create end-to-end, application layer trust in data.

End-to-End Data Integrity and Authenticity

A lot happened in the above demo.

We have an application http server in python and an application client in curl. Our goal is to create trustful communication between the application server and its clients that are running in different private networks. We want to achieve this without exposing the server to the Internet and without modifying existing client or server application code.

To make this happen, we create a relay node that runs a forwarding service exposed on the Internet. Ockam Orchestrator offers highly scalable, managed encrypted relays but for this first demo we create a local relay. We then create a sidecar node next to our application server and another sidecar node next to our application client. All three nodes generate unique cryptographic identities and file system vaults to store private keys. All three nodes are setup to trust each other’s public keys.

We ask the serversidecar to create a TCP outlet to the application server and then ask the relay node to setup a forwarder for the serversidecar. We then ask the clientsidecar to create an end-to-end encrypted and mutually authenticated secure channel with the serversidecar via the relay. Finally we open a TCP inlet and tunnel client requests and responses through our end-to-end secure channel.

Ockam gives you the tools to create many such end-to-end secure topologies. In this example topology, the application sidecar nodes create outgoing TCP connections to the relay which allows them to communicate from behind private NATs. The relay node routes encrypted data and cannot see or tamper with it.

In a few simple commands, without dealing with the cryptographic details, we added end-to-end data integrity, authenticity and privacy to applications that don’t have built in trust guarantees.

Built for developers, by developers

It is hard to build and scale an application that makes identity driven trust decisions. We created simple, composable building blocks so you can easily deliver secure and private applications to your customers.

Secure By Design

Secure By Design applications minimize their vulnerability surface and embrace the principle of least privilege.

Ockam’s end-to-end secure channels guarantee application layer data integrity and authenticity for all data-in-motion. This enables a deny-by-default security posture that minimizes an application’s vulnerability surface and brings true control over every access decision.

Zero Trust

Modern applications operate in untrusted networks and increasingly rely on third-party services and infrastructure. This creates exponential growth in their vulnerability surface.

Ockam gives you the tools to eliminate implicit trust in networks, services, and infrastructure. Applications get provable cryptographic identities to authenticate and authorize every access decision.

Shift Left

Software cannot be secured from the outside. Ockam provides powerful building blocks to shift security left and make it an integral part of application design and development.

Application layer trust guarantees along with tools to manage keys, credentials and authorization policies give you granular control on the security and privacy properties of your application.

Developer First

Application security is easiest and most cost-effective to solve at the source. Developer-first application layer security is the only viable approach to scalable secure applications.

Ockam makes it easy to securely manage the lifecycle of keys, identities, and credentials. We give you simple tools to authenticate and authorize using attribute-based credentials and policies.

Open Source

Ockam’s protocols become ever more secure through transparency, community feedback, and scrutiny.

Add-ons can be built by anyone to create new hardware key vaults or cloud service connectors.

Cloud Native

Ockam Orchestrator is built for enterprise scale.

Add-ons are ready-made connectors to your hosted authentication, database, and message broker services.

Virtues of the Ockam Team

Our Value is what we believe. Our Virtues are what we do.

  • High-Performance: Ockam is a team of doers, builders, shippers, and finishers. We created an environment where every individual is empowered to act, and trusted to be world-class in their role.

  • Simple: The creation of simple solutions out of complex problems is the basis for our namesake, Ockam. Every idea, product, and procedure at Ockam is refined to be as simple as it should be.

  • Transparent: We trust each other to be transparent, authentic and honest. As a globally-distributed, remote-first team transparent communication establishes our culture of trust.

  • Time Efficient: Time is the most valuable asset that we have. We trust each other to use our time with respect. We consider how our actions, and use of time, impact everyone else on The Team.

Tech stack

Learn about the technology and tools that Ockam uses.

View tech stack

17 more

Benefits and perks

Learn about the benefits and perks that Ockam provides.

View benefits
Retirement benefits

Retirement benefits

Generous 401(k) with matching to help you invest in your future.

Healthcare benefits

Healthcare benefits

Health care coverage.

2 remote jobs at Ockam

Ockam is hiring Staff Engineer - Infrastructure, DevOps, SRE (Platform Engineering) and Senior Engineer - Rust.

View all jobs at Ockam
AI flag AG flag AR flag Americas only
Number of employees


Dollar sign

220k-270k USD

Full Time
Dot DevOps Engineer
Number of employees


Dollar sign

147k-228k USD

Remote companies like Ockam

These are some great remote companies operating in similar industries to Ockam.

View all companies

PaneraTech uses data and the power of AI to enable Data-Driven Decision Making (DDDM) for Manufacturers.

Remote empowers companies of all sizes to pay and manage full-time and contract workers around the world.

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated.

Trade Bitcoin, BNB, and hundreds of other cryptocurrencies in minutes.

Percona is an industry leader in providing elite services, training and software for MySQL®, MariaDB®, MongoDB®, PostgreSQL® and other open-source databases in on-premises and cloud environments.

Your finance software should work for you, but let’s face it—it hasn’t evolved in decades.

Find your dream job

Set up personalized remote job search alerts and get noticed by recruiters searching for your skills.

Create a job seeker account on Himalayas