<div class="content-intro"><p>Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.</p></div><p> </p><div class="ewa-rteLine"><strong>About the Role:</strong></div><div class="ewa-rteLine">We are looking for a Hands-on Software Engineer 4 to work on our Seeker Inline Agent for .NET — a dynamic application security testing (DAST) agent that instruments .NET applications at runtime to detect security vulnerabilities. You will work across C#, C++, and multiple .NET runtime versions to build and maintain profiler-based instrumentation, security checkers, and platform integrations.</div><div class="ewa-rteLine"> </div><div class="ewa-rteLine"><strong>Responsibilities:</strong></div><div class="ewa-rteLine"><ul><li>Design, develop, and maintain the <strong>.NET agent core, including security checkers</strong> (SQLi, XSS, CSRF, deserialization, etc.) and taint analysis engine</li><li><strong>Develop and optimize native C++ profilers</strong> <strong>using the CLR Profiling API for both .NET Framework and .NET Core/.NET 5+</strong></li><li>Support multi-platform builds targeting Windows (x64), Linux (x64, ARM64), and Alpine/musl environments</li><li><strong>Extend agent capabilities to new .NET versions (.NET 8, 9, 10+) </strong>and hosting models (AWS Lambda, Azure Functions, gRPC, OWIN, WCF)</li><li>Collaborate on <strong>CI/CD pipelines (GitLab CI) across multiple OS targets and Docker-based build environments</strong></li><li>Write and maintain unit tests (NUnit) and integration tests across framework versions</li><li>Troubleshoot low-level runtime issues involving IL rewriting, method interception, and memory management</li><li>Participate in code reviews, architecture discussions, and contribute to build system improvements (Cake Build, CMake, MSBuild)</li></ul></div><div class="ewa-rteLine"> </div><div class="ewa-rteLine"><strong>Required Skills:</strong></div><div class="ewa-rteLine"><ul><li>9+ years of professional software development experience</li><li><strong>Strong C# proficiency</strong> across <strong>.NET Framework (3.5–4.8.1)</strong> and .<strong>NET Core/.NET 5+ (up to .NET 10)</strong></li><li><strong>C++ experience</strong> — working with native interop, COM, and platform APIs (CLR Profiling API is a strong plus)</li><li>Deep understanding of the <strong>.NET CLR internals </strong>— assembly loading, JIT compilation, IL metadata, type system</li><li>Experience with <strong>multi-platform development (Windows & Linux)</strong></li><li>Proficiency with <strong>CMake, MSBuild,</strong> and complex build orchestration</li><li>Strong debugging skills — ability to diagnose issues across managed/native boundaries</li><li>Experience with <strong>Git and CI/CD pipelines </strong>(GitLab CI preferred)</li></ul></div><div class="ewa-rteLine"> </div><div class="ewa-rteLine"><strong>Preferred Skills:</strong></div><div class="ewa-rteLine"><ul><li>- Experience in <strong>application security, DAST/IAST, </strong>or security instrumentation</li><li>- Knowledge of<strong> OWASP Top 10</strong> vulnerabilities and detection techniques</li><li>- Experience with <strong>Docker </strong>containerization and multi-arch builds (x64, ARM64, Alpine)</li><li>- Familiarity with <strong>serverless platforms</strong> (AWS Lambda, Azure Functions)</li><li>- Experience with <strong>WiX installer </strong>authoring and NuGet packaging</li><li>- Knowledge of <strong>code obfuscation</strong> techniques</li><li>- Familiarity with logging frameworks (log4net, spdlog, NLog)</li><li>- Experience with <strong>WebSocket </strong>communication protocols</li></ul><p> </p><p> </p><h2><span style="font-size: 10pt;"><strong>Tech</strong> <strong>Stack:</strong></span></h2><table><tbody><tr><td><p><strong>Layer</strong></p></td><td><p><strong>Technologies</strong></p></td></tr><tr><td><p>Languages</p></td><td><p>C#, C++, PowerShell</p></td></tr><tr><td><p>Frameworks</p></td><td><p>.NET Framework 3.5–4.8.1, .NET Core 2.0–3.1, .NET 5–10</p></td></tr><tr><td><p>Build</p></td><td><p>Cake Build, CMake, MSBuild, GitLab CI</p></td></tr><tr><td><p>Native</p></td><td><p>CLR Profiling API, COM, spdlog, TBB</p></td></tr><tr><td><p>Testing</p></td><td><p>NUnit, Integration test harness</p></td></tr><tr><td><p>Platforms</p></td><td><p>Windows x64, Linux x64/ARM64, Alpine</p></td></tr><tr><td><p>Packaging</p></td><td><p>NuGet, WiX Installer</p></td></tr></tbody></table><p> </p><h2><span style="font-size: 10pt;"><strong>Nice</strong> <strong>to Have:</strong></span></h2><ul><li>Experience contributing to profilers, APM agents, or runtime instrumentation tools</li><li>Background in reverse engineering or binary analysis</li><li>Familiarity with ReSharper code inspection tooling</li></ul><p> </p></div><div class="ewa-rteLine"> </div><div class="content-conclusion"><p><em>Black Duck is an equal opportunity employer. We consider all applicants for employment without regard to race, color, national origin, religion, sex, gender identity or expression, age, disability, sexual orientation, veteran or military service status, or any other characteristic protected by applicable law. Black Duck complies with all applicable laws prohibiting employment discrimination in every jurisdiction where it operates and provides reasonable accommodations to individuals with disabilities in accordance with applicable law.</em></p></div>