Sr Software Engineer - OnPrem

At Cerby we believe security is everyone’s business.  Collaborating across your apps doesn’t need to be chaos.  We are a mission-critical cybersecurity company that empowers your teams to operate securely and control their apps completely.  We’ve built our product on the idea that teams deserve autonomy over their work apps.  It turns out that why they are guaranteed a choice, security comes naturally.

More than 50% of all technology is spent outside of centralized IT organizations.  Individual business units are taking their technology destiny into their own hands, and we enable that.  End user onboarded applications are behind more than one third of all cybersecurity hacks.  We provide the solution to manage that through enabling users to select their own technology and we automatically protect those applications.

About the role

At Cerby, software engineers are at the heart of driving our technology and product innovation. As a Senior Software Engineer - Secure Endpoint Agent & Core, you will play a key role in the design, development, and deployment of Cerby’s highly secure, lightweight, enterprise-grade endpoint agent. This agent is a cornerstone of our strategy to securely connect to and automate intranet applications within customer on-premise environments, significantly expanding Cerby's capabilities and market reach. You will take ownership of significant components and features of this vital agent, focusing on implementing cutting-edge native security and cryptographic integrity. You will collaborate cross-functionally and contribute significantly to the success of a product that underpins both user data security and enterprise automation. You will actively contribute to and uphold a security-first engineering culture, ensuring the agent is performant, secure, resource-conscious, and delivers profound value


What you'll do

  • Design and Develop: Contribute to the architecture and build scalable, high-performance, and exceptionally secure on-premise agent and data core components
  • Agent Architecture: Design and implement a secure, resilient, and performant on-premise agent architecture, considering cross-platform compatibility (e.g., Windows, macOS, Linux) and minimal resource footprint.
  • Cryptographic Implementation & Validation (Rust/Go): Implement, and rigorously validate existing cryptographic algorithm designs into highly secure, performant Rust/Go native implementations for the agent's core. This includes secure local data storage, key management, and derivation.
  • Automation Capabilities: Develop features within the agent to reliably and securely, launch, manage, monitor, and automate interactions with diverse intranet applications, potentially including browser automation, API interaction, and interaction with desktop UI elements.
  • Deployment and Lifecycle Management: Engineer solutions for seamless agent deployment, auto-updates, configuration management, and remote troubleshooting in varied customer environments.
  • Collaborate: Work closely with product managers, engineering managers, UX designers, and other engineers to deliver high-quality software solutions that improve the security posture of our customers.
  • Code Excellence: Write clean, maintainable, and efficient code, adhering to best practices and coding standards with an uncompromising emphasis on security, cryptographic correctness, performance, and system-level interactions.
  • Continuous Improvement: Participate in code reviews, share knowledge with team members, and continuously improve development processes.
  • Innovation and Curiosity: Champion new technologies, frameworks, and methodologies that drive innovation and product evolution. Creates solutions that are used across the Engineering organization to improve productivity and/or quality of other engineers.
  • Security Mindset: Contribute to our security-first approach by proactively identifying vulnerabilities and implementing robust solutions.
  • Remote Collaboration: Collaborate effectively in a remote-first environment, ensuring seamless communication and teamwork across time zones.
  • Culture: Demonstrates leadership and lives Cerby’s core values to achieve positive outcomes.
  • Teamwork: Actively mentors, helps teammates perform better, and works effectively across teams and cross-functionally.

Qualifications

  • Experience:
    • 5-7+ years of professional software engineering experience, with a strong focus on systems programming and developing security-conscious applications.
    • MS/BS degree in Computer Science or equivalent
  • Technical Expertise:
    • Strong experience developing and maintaining secure endpoint software or similar on-premise applications
    • Solid understanding and practical experience in applied cryptography: Understanding of symmetric/asymmetric encryption, hashing, KDFs, digital signatures. Ability to securely and correctly implement and validate cryptographic algorithm
    • Strong understanding of operating system internals (Windows, macOS, Linux), networking protocols (TCP/IP, HTTP/S, TLS, WebSockets), and inter-process communication.
    • Experience with browser automation technologies (e.g., Selenium, Playwright, Puppeteer) and/or other UI automation frameworks.
    • Deep knowledge of secure coding practices, data encryption (at rest and in transit), and secure communication channels (e.g., mTLS) for agent-to-cloud and agent-to-application interactions.
    • Familiarity with challenges of deploying, managing, and updating software in diverse enterprise on-premise environments (e.g., proxies, firewalls, Active Directory, endpoint security solutions, air-gapped networks).
    • Experience with packaging, distribution, and auto-update mechanisms for on-premise software across multiple operating systems.
    • While the agent is on-prem, experience with cloud platforms (ideally AWS) for agent command and control (C2), telemetry, and management backend is beneficial.
    • Strong experience with cryptographic libraries in Rust (e.g., ring, rust-crypto, dalek-cryptography) or Go (e.g., crypto/*) and understanding their secure usage.
    • Strong understanding of secure local storage mechanisms, data-at-rest protection strategies.
    • Experience with .NET (C#) for application automation is valuable for understanding how the secure core will interact with automation tasks.
    • Familiarity with designing systems with zero-knowledge principles.
  • Proficiency in:
    • Agent-Cloud Interaction & System Design:
      • Designing and implementing secure, resilient, and efficient communication protocols and APIs between the on-premise agent and cloud-based command & control/management services (understanding of common patterns, even if not building the cloud side).
      • Understanding the lifecycle of an on-premise agent as managed by a cloud backend (e.g., registration, configuration fetching, telemetry reporting, remote updates, decommissioning).
      • Designing the agent to be observable and diagnosable remotely via data sent to cloud backend systems (e.g., structured logging, metrics for OTEL, Datadog integration).
    • Core Software Engineering & Systems Practices:
      • Strong software engineering practices such as robust unit/integration testing for systems software (including extensive cryptographic test vectors and validation against reference implementations), Continuous Integration (CI) for compiled languages, Trunk-based development, Domain Driven Design (where applicable to agent modules), Refactoring, and rigorous Code reviews.
      • Designing and implementing modular, decoupled, and highly resource-efficient, performant, and secure software applications and systems in Rust or Go, specifically for endpoint deployment and long-running processes.
      • Cross-platform development and build systems for Rust/Go to target various operating systems (Windows, macOS, Linux).
      • Advanced Security Testing & Auditing Understanding, especially for cryptographic implementations (e.g., side-channel resistance, constant-time operations where needed).
    • Development & Operational Tooling:
      • Proficiency with containerization technologies (e.g., Docker) for creating consistent development and testing environments for the agent and understanding CI/CD pipelines that build, test, and package the agent.
      • Familiarity with debugging and performance profiling tools for Rust/Go applications on target operating systems.
  • Problem-Solving: Strong analytical and problem-solving skills with a focus on delivering high-quality solutions.
  • Technical Execution Skill: Ability to break down highly ambiguous and complex technical initiatives into a detailed plan.
  • Product Minded: strong interest and involvement in making a great product and working closely with customers and stakeholders to achieve it.
  • Communication Skills: Ability to communicate complex technical concepts clearly and concisely both in written and verbal form
  • Team Collaboration: Experience working in agile teams and a collaborative mindset to contribute to a positive team culture.

Start-up Experience (Preferred): Ability to thrive in a fast-paced, dynamic environment with changing priorities. Prior experience with a venture funded startup is preferred, but not required.

Engineering

Remote (United States)

Share on:

Terms of servicePrivacyCookiesPowered by Rippling