Senior Engineer, Agentic Identity

<p><strong>ABOUT BASELAYER</strong></p> <hr> <p>Every business in America needs a bank account to exist. The system that decides whether they're real, who's behind them, and whether they're a risk, runs on infrastructure from the 1980s. We're rebuilding that layer from scratch.</p> <p>Baselayer is the identity layer for institutions across the United States — the most complete business graph in America and every human tied to it. We fuse public records, IRS data, sanctions lists, web signals, and fraud telemetry from 2,200+ financial institutions into a single graph that resolves any business and the humans behind it in milliseconds. The legacy credit bureaus took 50 years to build something that gets 60% match rates. We've built something that gets 98% in under two years.</p> <p>Today we're trusted by over 20% of financial institutions in America — including FIS, Rho, Socure and leading loan infrastructure providers. But the graph is becoming infrastructure for anyone who needs to know if a business is real and worth trusting: gig platforms, marketplaces, AI companies, and commerce infrastructure at scale.</p> <p>Trust is the substrate of every financial transaction. We're rebuilding it.</p> <p><strong>ABOUT THE TEAM</strong></p> <hr> <p>We're solving real-time entity resolution at a scale no one else has cracked — fusing dozens of data sources into a single business identity graph and resolving any entity in milliseconds. It's a graph AI problem, a retrieval problem, and a fraud-modeling problem stacked on top of each other. The technical depth is real.</p> <p>You'd be joining a small team where the data moat is defensible, the research problems are open, and the infrastructure you build becomes load-bearing for businesses. Ownership is real. Velocity is real. There's no layer of process between an idea and shipping it.</p> <p>We're at an inflection point — the graph is built, the match rates speak for themselves, and the hardest problems are still ahead: graph embeddings, fraud propagation models across the business network, real-time traversal at sub-100ms latency, and expanding the identity layer beyond finance into every platform that needs to trust a business.</p> <p>If you want to work on something foundational — the kind of infrastructure that gets built once and everything else runs on top of — this is it.</p> <p><strong>ABOUT THE ROLE</strong></p> <hr> <p>AI agents are beginning to act on behalf of people and businesses against publishers, banks, payment networks, and APIs. Every counterparty today answers identity questions on its own - self-asserted API keys, third-party cookies, pixel trackers. That model breaks the moment the actor is an agent. We're building KYA (Know Your Agent) - a cryptographic identity substrate that replaces self-assertion with third-party-issued credentials, verifiable by any counterparty. We're hiring an engineer to own a meaningful surface of the substrate - issuer mint, edge verification, Passport, or Merkle audit log - and ship it to production.</p> <p><strong>WHAT YOU'LL DO</strong></p> <hr> <ul> <li>Build and maintain the runtime issuer/mint: OAuth Token Exchange (RFC 8693), JWS credentials (RFC 7515/7519, SD-JWT-VC), and Merkle audit log with real-time revocation.</li> <li>Own and evolve the wire format and claim registry: JWT profile, verification_level/verification_method enums, and eIDAS/NIST IAL/FATF CDD crosswalk.</li> <li>Implement sub-millisecond JWS verification and Web Bot Auth signature checks (RFC 9421) at the HTTP edge for counterparty CDNs, merchants, and publisher paywalls.</li> <li>Build and maintain Passport - the user's cloud-resident principal account with canonical handle, KYC/KYB record, authorized-operators list, audit feed, and authenticator binding.</li> <li>Develop operator integration: embedded KYB onboarding inside first OAuth 2.0 consent, per-operator opt-in, and webhook delivery via Svix.</li> <li>Work across a Python 3.13 monorepo (FastAPI, Cloud Tasks, Cloud Run, SQLModel/SQLAlchemy) and Go for performance-critical substrate components.</li> </ul> <p><strong>MINIMUM REQUIREMENTS</strong></p> <hr> <ul> <li>Shipped systems where cryptographic correctness was load-bearing: OAuth/OIDC IdP, token issuer, signing service, HSM-backed signer, passkey/WebAuthn flow, or similar.</li> <li>Fluent in Python and Go, or strong in one with a track record of learning the other quickly.</li> <li>Reads RFCs as primary sources and holds informed opinions on JWK thumbprint canonicalization, pairwise-sub derivation, and Signature-Input header serialization.</li> <li>Deep understanding of the distinction between identity and authorization, mandate and claim, snapshot and live state.</li> <li>Production experience with async Python on Postgres, including migration safety and observability.</li> </ul> <p><strong>WHAT SETS YOU APART</strong></p> <hr> <ul> <li>Verifiable credentials / SSI / DID work - especially SD-JWT-VC, OID4VC, or the W3C VC stack.</li> <li>Certificate Transparency, Trillian, or similar append-only-log experience.</li> <li>KYC/KYB pipeline experience: provider abstraction, evidence retention, eIDAS/FATF CDD level mapping, ownership-chain resolution.</li> <li>Edge/CDN engineering - Cloudflare Workers, Fastly Compute, Envoy filters, or mTLS at the edge.</li> <li>Familiarity with AP2, x402, MPP, UCP, or Mastercard VI specs and how identity rides alongside mandate.</li> </ul> <p><strong>WORK LOCATION</strong></p> <hr> <ul> <li>Based in SF; hybrid 4 days per week in office.</li> </ul> <p><strong>COMPENSATION</strong></p> <hr> <ul> <li><em><strong>Salary Range:</strong> </em>$230,000 – $340,000 + Equity</li> </ul> <p><strong>BENEFITS</strong></p> <hr> <ul> <li><strong><em>Time off when you need it:</em></strong> Flexible PTO so you can recharge without red tape</li> <li><strong><em>In-person energy:</em></strong> We're based in SF and meet in the office 4 days a week</li> <li><strong><em>Competitive compensation:</em></strong> We pay well and back it with equity. We want you to think and act like an owner</li> <li><strong><em>Career rocket fuel:</em></strong> You'll help build the foundation of a high-growth startup, working side by side with experienced founders and team members who've done it before</li> <li><strong><em>Benefits on us:</em></strong> We cover 100% of your health, dental, and vision premiums. No surprise deductions from your paycheck</li> <li><strong><em>401(k) with company match</em></strong>: We match your contributions so your future self benefits too</li> <li><strong><em>HSA contributions included: </em></strong>We contribute to your HSA on applicable plans, so your coverage works as hard as you do</li> <li><strong><em>Stay healthy, stay sharp:</em></strong> A $250 monthly gym stipend to help you bring your best self to work, and everywhere else</li> <li><strong><em>A seat at the table: </em></strong>We believe in transparency, radical candor, and giving every team member a voice 🔥</li> </ul>