Principal Engineer - IDS Engineer (C/C++)

The elevator pitch: Why would you enjoy this new opportunity? VMware by Broadcom is the leader in datacenter infrastructure, networking and security business, and virtualization software. We empower customers with solutions from the software-defined data center to hybrid cloud computing and the mobile workspace. We have an exciting opportunity for a Principal Engineer on our Network Detection and Research Team part of the ANS Business Unit. Our team is responsible for the development of the network intrusion detection capabilities for VMware vDefend Advanced Threat Prevention (ATP), a cutting-edge networking and security analytics solution for the detection and prevention of advanced threats.

Success in the Role: What are the performance outcomes over the first 6-12 months you will work toward completing? You develop a deep understanding of the core Intrusion Detection System (Suricata) and internal “detection products” that our team offers to other parts of the organisation. You become acquainted with their high level operation and the way they are deployed in customer products. You make improvements to the Suricata IDS engine and work with Suricata’s Open Information Security Foundation (OISF) to have the improvements integrated into the upstream repository. You establish rapport with “customer teams” within the organization and assist them in the integration of the IDS into VMware by Broadcom’s products. You design and define performance testing requirements and procedures for the IDS and work with testing teams to verify and ensure the continued high performance of the engine. You understand how the team’s network threat analysts use the IDS to develop signatures and become their first point of contact on questions regarding the IDS system’s behavior and capabilities. (Optimally) you design and lead the implementation of an intermediate signature language in Python that will be used by the team’s network threat analysts to write signatures that are then converted to the Suricata signature format.

The Work: What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis? You will implement improvements and new features to the Suricata IDS system to improve its ability to detect suspicious and malicious network traffic. You upgrade the IDS and ensure compatibility with upstream OISF Suricata releases and evaluate the performance impact of upgrades and new features. You assist the team’s network threat analysts in understanding the engine’s behavior and communicate with “customer teams” to assist them in integrating the IDS into the company’s products. Review the activity of other members of the team and help to push for excellence. (Optimally) you make improvements to the intermediate IDS signature (implemented in Python) language used by network threat analysts to support the signature writing process.

Who you are: You have a strong background in computer networking and C/C++ (and optionally Rust). You have experience in working with IDS systems. You are passionate about or have an interest in working in network security. You are a methodical person comfortable in managing and analyzing large amounts of data. You are able to work independently and are comfortable in working with a global team working in different timezones. You enjoy experimenting with new ideas, creating quick prototypes, and following academic papers to identify new approaches.

Preferred qualifications: Bachelor’s degree in Computer Science/Engineering and 12+ years of related experience, or Master’s Degree and 10+ years of related experience required, or PhD and 7+ years of related experience. Deep working knowledge in C/C++ and familiarity with Python. Familiarity and experience working with Docker and Kubernetes environments. Previous experience working with testing frameworks and/or benchmarking tools, e.g. wrk, Keysight Cyperf, Ixia Breakingpoint, Cisco T-Rex, tcpreplay, etc.

What is the leadership like for this role? What is the structure and culture of the team like? The hiring manager for this role is Luukas Larinkoski, who leads the Network Detection Research Team in the ANS Business Unit and is based in London, UK. The team is spread across US and Europe, and has strong roots in academic research with several members of the team having worked and published in top academic conferences on network security topics.

Where is this role located? The role requires presence at the Broadcom office located in Farringdon in London, UK.

Compensation and Benefits: Broadcom offers a competitive base salary. This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents. Broadcom offers a competitive and comprehensive benefits package: Medical and dental plans, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence.

Equal Opportunity Employer: Broadcom is proud to be an equal opportunity employer. We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law. We will also consider qualified applicants with arrest and conviction records consistent with local law.