Principal Software Engineer - OnPrem

At Cerby we believe security is everyone’s business.  Collaborating across your apps doesn’t need to be chaos.  We are a mission-critical cybersecurity company that empowers your teams to operate securely and control their apps completely.  We’ve built our product on the idea that teams deserve autonomy over their work apps.  It turns out that why they are guaranteed a choice, security comes naturally.

More than 50% of all technology is spent outside of centralized IT organizations.  Individual business units are taking their technology destiny into their own hands, and we enable that.  End user onboarded applications are behind more than one third of all cybersecurity hacks.  We provide the solution to manage that through enabling users to select their own technology and we automatically protect those applications.

About the role

At Cerby, software engineers are at the heart of driving our technology and product innovation. As a Principal Software Engineer - On-Premise Agent, you will spearhead the design, development, and deployment of Cerby’s lightweight, enterprise-grade endpoint agent. This agent is a cornerstone of our strategy to securely connect to and automate intranet applications within customer on-premise environments, significantly expanding Cerby's capabilities and market reach. You will take ownership of this critical initiative, collaborate cross-functionally (including with InfoSec, Network, and IT Ops stakeholders from our customers), and drive the success of our on-premise automation capabilities. You will help lead a security-first engineering culture while ensuring the agent is robust, efficient, resource-conscious, and delivers significant value by extending Cerby's protection and automation into complex enterprise networks.


What you'll do

  • Design and Develop: Architect and build a scalable, high-performance, lightweight exceptionally secure on-premise agent and data core focused on security and automation of intranet applications, aligning with business goals and delivering customer value.
  • Agent Architecture: Design and implement a secure, resilient, and performant on-premise agent architecture, considering cross-platform compatibility (e.g., Windows, macOS, Linux) and minimal resource footprint.
  • Cryptographic Implementation & Validation (Rust/Go): Lead the effort to implement, and rigorously validate existing cryptographic algorithm designs into highly secure, performant Rust/Go native implementations for the agent's core. This includes secure local data storage, key management, and derivation.
  • Automation Capabilities: Develop features within the agent to reliably and securely, launch, manage, monitor, and automate interactions with diverse intranet applications, potentially including browser automation, API interaction, and interaction with desktop UI elements.
  • Deployment and Lifecycle Management: Engineer solutions for seamless agent deployment, auto-updates, configuration management, and remote troubleshooting in varied customer environments.
  • Collaborate: Work closely with product managers, engineering managers, UX designers, and other engineers to deliver high-quality software solutions that improve the security posture of our customers.
  • Code Excellence: Write clean, maintainable, and efficient code, adhering to best practices and coding standards with an uncompromising emphasis on security, cryptographic correctness, performance, and system-level interactions.
  • Continuous Improvement: Participate in code reviews, share knowledge with team members, and continuously improve development processes.
  • Innovation and Curiosity: Champion new technologies, frameworks, and methodologies that drive innovation and product evolution. Creates solutions that are used across the Engineering organization to improve productivity and/or quality of other engineers.
  • Security Mindset: Contribute to our security-first approach by proactively identifying vulnerabilities and implementing robust solutions.
  • Remote Collaboration: Collaborate effectively in a remote-first environment, ensuring seamless communication and teamwork across time zones.
  • Culture: Demonstrates leadership and lives Cerby’s core values to achieve positive outcomes.
  • Teamwork: Actively mentors, helps teammates perform better, and works effectively across teams and cross-functionally.

Qualifications

  • Experience:
    • 10+ years of professional software engineering experience.
    • MS/BS degree in Computer Science or equivalent, with a significant focus on systems programming, security-critical applications, and cryptographic implementation.
  • Technical Expertise:
    • Proven experience designing, developing, and maintaining highly secure endpoint agents or similar on-premise software, ideally for cybersecurity, automation, or remote access purposes.
    • Expertise with agent development; strong experience with languages like C++, Go, or Rust for performance-critical components, deep OS integration, or building lightweight executables is highly desirable.
    • Deep expertise in applied cryptography: Understanding of symmetric/asymmetric encryption, hashing, KDFs, digital signatures. Crucially, the ability to securely and correctly implement and validate these cryptographic algorithms in Rust and/or Go, potentially.
    • Strong understanding of operating system internals (Windows, macOS, Linux), networking protocols (TCP/IP, HTTP/S, TLS, WebSockets), and inter-process communication.
    • Experience with browser automation technologies (e.g., Selenium, Playwright, Puppeteer) and/or other UI automation frameworks.
    • Deep knowledge of secure coding practices, data encryption (at rest and in transit), and secure communication channels (e.g., mTLS) for agent-to-cloud and agent-to-application interactions.
    • Familiarity with challenges of deploying, managing, and updating software in diverse enterprise on-premise environments (e.g., proxies, firewalls, Active Directory, endpoint security solutions, air-gapped networks).
    • Experience with packaging, distribution, and auto-update mechanisms for on-premise software across multiple operating systems.
    • While the agent is on-prem, experience with cloud platforms (ideally AWS) for agent command and control (C2), telemetry, and management backend is beneficial.
    • Strong experience with cryptographic libraries in Rust (e.g., ring, rust-crypto, dalek-cryptography) or Go (e.g., crypto/*) and understanding their secure usage.
    • Strong understanding of secure local storage mechanisms, data-at-rest protection strategies.
    • Experience with .NET (C#) for application automation is valuable for understanding how the secure core will interact with automation tasks.
    • Knowledge of cloud and IT security practices and concepts such as zero-trust and encryption, and how they can be applied or adapted to on-premise agent scenarios.
  • Proficiency in:
    • Agent-Cloud Interaction & System Design:
      • Architecting and designing secure, resilient, and efficient communication protocols and APIs between the on-premise agent and cloud-based command & control/management services (understanding of common patterns, even if not building the cloud side).
      • Understanding the lifecycle of an on-premise agent as managed by a cloud backend (e.g., registration, configuration fetching, telemetry reporting, remote updates, decommissioning).
      • Designing the agent to be observable and diagnosable remotely via data sent to cloud backend systems (e.g., structured logging, metrics for OTEL, Datadog integration).
    • Core Software Engineering & Systems Practices:
      • Strong software engineering practices such as robust unit/integration testing for systems software (including extensive cryptographic test vectors and validation against reference implementations), Continuous Integration (CI) for compiled languages, Trunk-based development, Domain Driven Design (where applicable to agent modules), Refactoring, and rigorous Code reviews.
      • Architecting and designing modular, decoupled, and highly resource-efficient, performant, and secure software applications and systems in Rust or Go, specifically for endpoint deployment and long-running processes.
      • Cross-platform development and build systems for Rust/Go to target various operating systems (Windows, macOS, Linux).
      • Advanced Security Testing & Auditing Understanding, especially for cryptographic implementations (e.g., side-channel resistance, constant-time operations where needed).
    • Development & Operational Tooling:
      • Proficiency with containerization technologies (e.g., Docker) for creating consistent development and testing environments for the agent and understanding CI/CD pipelines that build, test, and package the agent.
      • Familiarity with debugging and performance profiling tools for Rust/Go applications on target operating systems.
  • Problem-Solving: Strong analytical and problem-solving skills with a focus on delivering high-quality solutions.
  • Technical Execution Skill: Ability to break down highly ambiguous and complex technical initiatives into a detailed plan.
  • Product Minded: strong interest and involvement in making a great product and working closely with customers and stakeholders to achieve it.
  • Communication Skills: Ability to communicate complex technical concepts clearly and concisely both in written and verbal form
  • Team Collaboration: Experience working in agile teams and a collaborative mindset to contribute to a positive team culture.
  • Start-up Experience (Preferred): Ability to thrive in a fast-paced, dynamic environment with changing priorities. Prior experience with a venture funded startup is preferred, but not required.

Engineering

Remote (United States)

Share on:

Terms of servicePrivacyCookiesPowered by Rippling