Senior Engineer, Agentic Identity

ABOUT BASELAYER

---

Every business in America needs a bank account to exist. The system that decides whether they're real, who's behind them, and whether they're a risk, runs on infrastructure from the 1980s. We're rebuilding that layer from scratch.

Baselayer is the identity layer for institutions across the United States — the most complete business graph in America and every human tied to it. We fuse public records, IRS data, sanctions lists, web signals, and fraud telemetry from 2,200+ financial institutions into a single graph that resolves any business and the humans behind it in milliseconds. The legacy credit bureaus took 50 years to build something that gets 60% match rates. We've built something that gets 98% in under two years.

Today we're trusted by over 20% of financial institutions in America — including FIS, Rho, Socure and leading loan infrastructure providers. But the graph is becoming infrastructure for anyone who needs to know if a business is real and worth trusting: gig platforms, marketplaces, AI companies, and commerce infrastructure at scale.

Trust is the substrate of every financial transaction. We're rebuilding it.

ABOUT THE TEAM

---

We're solving real-time entity resolution at a scale no one else has cracked — fusing dozens of data sources into a single business identity graph and resolving any entity in milliseconds. It's a graph AI problem, a retrieval problem, and a fraud-modeling problem stacked on top of each other. The technical depth is real.

You'd be joining a small team where the data moat is defensible, the research problems are open, and the infrastructure you build becomes load-bearing for businesses. Ownership is real. Velocity is real. There's no layer of process between an idea and shipping it.

We're at an inflection point — the graph is built, the match rates speak for themselves, and the hardest problems are still ahead: graph embeddings, fraud propagation models across the business network, real-time traversal at sub-100ms latency, and expanding the identity layer beyond finance into every platform that needs to trust a business.

If you want to work on something foundational — the kind of infrastructure that gets built once and everything else runs on top of — this is it.

ABOUT THE ROLE

---

AI agents are beginning to act on behalf of people and businesses against publishers, banks, payment networks, and APIs. Every counterparty today answers identity questions on its own - self-asserted API keys, third-party cookies, pixel trackers. That model breaks the moment the actor is an agent. We're building KYA (Know Your Agent) - a cryptographic identity substrate that replaces self-assertion with third-party-issued credentials, verifiable by any counterparty. We're hiring an engineer to own a meaningful surface of the substrate - issuer mint, edge verification, Passport, or Merkle audit log - and ship it to production.

WHAT YOU'LL DO

---

• Build and maintain the runtime issuer/mint: OAuth Token Exchange (RFC 8693), JWS credentials (RFC 7515/7519, SD-JWT-VC), and Merkle audit log with real-time revocation.
• Own and evolve the wire format and claim registry: JWT profile, verification_level/verification_method enums, and eIDAS/NIST IAL/FATF CDD crosswalk.
• Implement sub-millisecond JWS verification and Web Bot Auth signature checks (RFC 9421) at the HTTP edge for counterparty CDNs, merchants, and publisher paywalls.
• Build and maintain Passport - the user's cloud-resident principal account with canonical handle, KYC/KYB record, authorized-operators list, audit feed, and authenticator binding.
• Develop operator integration: embedded KYB onboarding inside first OAuth 2.0 consent, per-operator opt-in, and webhook delivery via Svix.
• Work across a Python 3.13 monorepo (FastAPI, Cloud Tasks, Cloud Run, SQLModel/SQLAlchemy) and Go for performance-critical substrate components.

MINIMUM REQUIREMENTS

---

• Shipped systems where cryptographic correctness was load-bearing: OAuth/OIDC IdP, token issuer, signing service, HSM-backed signer, passkey/WebAuthn flow, or similar.
• Fluent in Python and Go, or strong in one with a track record of learning the other quickly.
• Reads RFCs as primary sources and holds informed opinions on JWK thumbprint canonicalization, pairwise-sub derivation, and Signature-Input header serialization.
• Deep understanding of the distinction between identity and authorization, mandate and claim, snapshot and live state.
• Production experience with async Python on Postgres, including migration safety and observability.

WHAT SETS YOU APART

---

• Verifiable credentials / SSI / DID work - especially SD-JWT-VC, OID4VC, or the W3C VC stack.
• Certificate Transparency, Trillian, or similar append-only-log experience.
• KYC/KYB pipeline experience: provider abstraction, evidence retention, eIDAS/FATF CDD level mapping, ownership-chain resolution.
• Edge/CDN engineering - Cloudflare Workers, Fastly Compute, Envoy filters, or mTLS at the edge.
• Familiarity with AP2, x402, MPP, UCP, or Mastercard VI specs and how identity rides alongside mandate.

WORK LOCATION

---

• Based in SF; hybrid 4 days per week in office.

COMPENSATION

---

• Salary Range: $195k – $300k + Equity | 0.05% – 0.25%

BENEFITS

---

• Time off when you need it: Flexible PTO so you can recharge without red tape
• In-person energy: We're based in SF and meet in the office 4 days a week
• Competitive compensation: We pay well and back it with equity. We want you to think and act like an owner
• Career rocket fuel: You'll help build the foundation of a high-growth startup, working side by side with experienced founders and team members who've done it before
• Benefits on us: We cover 100% of your health, dental, and vision premiums. No surprise deductions from your paycheck
• 401(k) with company match: We match your contributions so your future self benefits too
• HSA contributions included: We contribute to your HSA on applicable plans, so your coverage works as hard as you do
• Stay healthy, stay sharp: A $250 annual gym stipend to help you bring your best self to work, and everywhere else
• A seat at the table: We believe in transparency, radical candor, and giving every team member a voice 🔥