Code Signing & Secure Software Infrastructure Engineer

Job Summary

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations.

Learn More:

https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding.

MathWorks is seeking a Code Signing and Secure Software Infrastructure Engineer to help protect the integrity and authenticity of our software products. In this role, you'll design and build the systems that securely sign, validate, and release software used by engineers around the world. This position is ideal for an engineer who enjoys working at the intersection of secure software development, automation, and infrastructure, and who is passionate about strengthening the software supply chain. You'll play a critical role in embedding security into our CI/CD pipelines and ensuring our release artifacts meet modern platform trust and security standards. MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence. Responsibilities Design, develop, and operate secure code‑signing systems integrated into highly automated CI/CD pipelines. Build and maintain software-driven infrastructure that signs and verifies release artifacts across Windows, Linux, and macOS. Perform threat modeling and security reviews of build, integration, and release systems, and implement engineering‑focused mitigations. Manage the full lifecycle of production code‑signing certificates, including secure storage, rotation, and auditing. Implement mechanisms that ensure software is authentic, trusted, and tamper‑resistant from build through customer delivery. Develop monitoring, logging, and alerting to proactively detect failures, misuse, or attacks. Stay current with OS‑level trust models, code‑signing requirements, and platform security standards. Partner with software developers and security teams to integrate secure signing into the software development lifecycle. Help diagnose and resolve customer‑reported code‑signing and trust issues. Qualifications A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required. Additional Qualifications Strong software development and debugging experience in C/C++ and scripting languages such as Python. Experience working with source control systems like Git or Perforce. Hands‑on experience with automation and configuration management tools (e.g., Ansible, Chef, Puppet). Proven ability to debug systems using tools such as strace, dtrace, or bpftrace. Experience designing and operating secure build or release infrastructure. Solid understanding of code signing, certificates, cryptographic trust chains, and digital signatures. Familiarity with secure software supply chain practices or zero‑trust architectures. Experience supporting Linux, Windows, and macOS environments and network file systems (SMB, NFS). Experience with software‑defined networking (SDN) or infrastructure‑as‑code is a plus.