Software Engineer 4 (C#,. Net core, CLR Internals)
Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Design, develop, and maintain the .NET agent core, including security checkers (SQLi, XSS, CSRF, deserialization, etc.) and taint analysis engine
- Develop and optimize native C++ profilers using the CLR Profiling API for both .NET Framework and .NET Core/.NET 5+
- Support multi-platform builds targeting Windows (x64), Linux (x64, ARM64), and Alpine/musl environments
- Extend agent capabilities to new .NET versions (.NET 8, 9, 10+) and hosting models (AWS Lambda, Azure Functions, gRPC, OWIN, WCF)
- Collaborate on CI/CD pipelines (GitLab CI) across multiple OS targets and Docker-based build environments
- Write and maintain unit tests (NUnit) and integration tests across framework versions
- Troubleshoot low-level runtime issues involving IL rewriting, method interception, and memory management
- Participate in code reviews, architecture discussions, and contribute to build system improvements (Cake Build, CMake, MSBuild)
- 9+ years of professional software development experience
- Strong C# proficiency across .NET Framework (3.5–4.8.1) and .NET Core/.NET 5+ (up to .NET 10)
- C++ experience — working with native interop, COM, and platform APIs (CLR Profiling API is a strong plus)
- Deep understanding of the .NET CLR internals — assembly loading, JIT compilation, IL metadata, type system
- Experience with multi-platform development (Windows & Linux)
- Proficiency with CMake, MSBuild, and complex build orchestration
- Strong debugging skills — ability to diagnose issues across managed/native boundaries
- Experience with Git and CI/CD pipelines (GitLab CI preferred)
- - Experience in application security, DAST/IAST, or security instrumentation
- - Knowledge of OWASP Top 10 vulnerabilities and detection techniques
- - Experience with Docker containerization and multi-arch builds (x64, ARM64, Alpine)
- - Familiarity with serverless platforms (AWS Lambda, Azure Functions)
- - Experience with WiX installer authoring and NuGet packaging
- - Knowledge of code obfuscation techniques
- - Familiarity with logging frameworks (log4net, spdlog, NLog)
- - Experience with WebSocket communication protocols
Tech Stack:
|
Layer |
Technologies |
|
Languages |
C#, C++, PowerShell |
|
Frameworks |
.NET Framework 3.5–4.8.1, .NET Core 2.0–3.1, .NET 5–10 |
|
Build |
Cake Build, CMake, MSBuild, GitLab CI |
|
Native |
CLR Profiling API, COM, spdlog, TBB |
|
Testing |
NUnit, Integration test harness |
|
Platforms |
Windows x64, Linux x64/ARM64, Alpine |
|
Packaging |
NuGet, WiX Installer |
Nice to Have:
- Experience contributing to profilers, APM agents, or runtime instrumentation tools
- Background in reverse engineering or binary analysis
- Familiarity with ReSharper code inspection tooling
Black Duck is an equal opportunity employer. We consider all applicants for employment without regard to race, color, national origin, religion, sex, gender identity or expression, age, disability, sexual orientation, veteran or military service status, or any other characteristic protected by applicable law. Black Duck complies with all applicable laws prohibiting employment discrimination in every jurisdiction where it operates and provides reasonable accommodations to individuals with disabilities in accordance with applicable law.
Create a Job Alert
Interested in building your career at Black Duck Software, Inc.? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field
