Senior Software Engineer
Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services. Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services. As a secure edge, our system automatically identifies, neutralizes and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies. As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors. It can also deliver rapid file context and content to cybersecurity analysts. Our customers and go-to-market partners are growing and span multiple industries.
Trinity Cyber is looking for a senior software engineer to join our Capability Engineering team building the core network, file, and protocol processing engine behind our TC:Edge and TC:File services. Ideal candidates will be self-motivated, flexible to new coding standards and processes, have some past experience with intrusion or threat detection and prevention, and have technical proficiency in key technology areas: high-performance C/C++, application layer network protocols, and file formats and parsing concepts. This role can be performed remotely.
Your primary role will be to write C++ code that will incrementally improve and generationally evolve Trinity Cyber's core software engine backing our TC:Edge and TC:File services. You will work with a small team of highly talented and motivated individuals with diverse backgrounds to implement new protocol proxies, file parsers, and detection logic algorithms following existing and well-established patterns and workflows. Your primary customer will be our internal Threat Analysis and Formula Development teams, with whom you will work closely and for whom you will be a subject matter expert. You will also participate in daily peer code and design review sessions, write unit tests and ensure the quality of your code, and participate in architectural improvement discussions.
- Experience with EITHER application layer protocol parsing OR file format parsing for cyber security purposes.
  - Application layer protocols:
    - Examples: HTTP, SMTP, TLS, DNS, LDAP, SSH, FTP, SMB, NFS, etc.
    - Experience with proxying, not just parsing, a major bonus.
    - Cursory understanding of underlying layers (Ethernet, IP, TCP/UDP at a minimum) required; deep understanding including network stack experience a major bonus.
  - File formats:
    - Examples: OOXML, CFB, RTF, OLE, images (JPEG/JFIF, PNG, TIFF), sound files (OGG, MP3/MP4, WAV), executables/shared objects/adjacent formats (Windows, Linux, Mac, iOS, and Android – PE/DLL, ELF, SO, JAR, APK), etc.
    - Experience with parsing based on both publicly defined specifications and poorly documented formats required.
    - Experience writing strong identification of formats a bonus.
- Significant experience writing high throughput and/or low latency user space applications in C++ (14 or newer preferred).
- Performance tuning on Linux - full system (vTune, perf, gprof, etc.) and micro-benchmarking approaches.
- Familiarity with basic function of major kernel subsystems (network stack, memory management, process/thread management, etc.); especially interaction with user space applications.
- Linux networking stack and/or custom user space packet processing (DPDK or similar) experience is highly desired.
- Related development experience such as high-frequency trading, game engine development, or high-performance compute are also applicable.
- Ability to separate 'fast path'/'data plane' from 'slow path'/'control plane' functionality.
- Knowledge of general software development under Linux (CentOS 7/8/9).
- Basic systems administration: package management, shell scripting, SELinux basics, common service configuration (sshd, httpd, named, dhcpd, etc.), iptables.
- Knowledge of compiler, debugger, and testing tool chains - gcc/clang/icc, gdb, CMake, autotools, lcov, gcov, Google Test, etc.
- Continuous integration/continuous deployment systems (Jenkins, Bamboo, etc.).
- Static and dynamic code quality/code analysis tools (CodeSonar, cppcheck, sanitizers).
- Skill with at least one command line text editor (vim, emacs, etc.)
- Familiarity with issues surrounding application layer proxying of network protocols.
  - Transparent intercepting proxy vs. explicit proxy.
  - L2 vs L3 vs L7 transparency and performance/reliability impacts of proxies on various protocols.
  - Experience with Linux "tproxy" or equivalent features (either standard stack or custom stack).
In Addition, a Fully Qualified Candidate Will Have:
- Experience with Tier 1 ISP grade high-performance multi-node x86 network appliance development desirable.
  - 10Gbps+ throughput application layer proxies.
  - 100,000s+ connections/s and concurrent connections.
  - Liveness detection, node failover, load balancing, and state distribution in multi-rack level systems.
  - Multi-tenant environments.
- An understanding of Intel architecture, including NUMA constraints, would be a major bonus.
- Applications with large memory footprint and impacts on cache efficiency for high throughput/low latency code.
- Practical CPU microarchitecture knowledge a major bonus: SIMD data parsing, lockless data structures, front end/back end CPU considerations.
- Hardware/software and user space/OS kernel interactions - BIOS tuning, cstates, process groups and affinity, PCI CPU affinity.
- Process and thread pinning.
- Bachelor’s Degree in Computer Science or related experience and/or training; or equivalent combination of education and experience.
- Effective verbal and written communication skills.
- Must possess the highest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, both internally and externally, in order to maintain the superior reputation of Trinity Cyber - and enjoy having fun.