Senior C++ Engineer for Cryptographic Products

Quarkslab is a French company specializing in information security R&D, consulting and software development. Our expertise is in combining offensive and defensive security to help organizations adopt a new security posture: Force the attackers, not the defender, to adapt constantly. Through our consulting services as well as our software we provide tailored solutions to organizations, helping them to protect their assets, sensitive data, and users against increasingly sophisticated attacks.

Quarkslab is an avid and active user of, and contributor to, Open Source Software and develops and maintains state-of-the-art security tools such as LIEF , QBDI, Triton, Irma, and several other projects.

We develop two commercial software products: QFlow, a platform to automate and orchestrate security analysis of files at scale, and QShield, advanced code and data protection software to disrupt code lifting, reverse engineering and tampering attacks.

The QShield team develops several protection solutions, for applications running on desktop, mobile or embedded devices - targeting code, data at rest, cryptographic algorithms, and attesting the legitimacy of the runtime environment and platform.

These tools run on different kinds of environments, including Linux, Windows, macOS, Android, and iOS, and architectures, such as x86_64 and arm for instance, and some of them rely on third-party components such as LLVM, a state-of-the-art open source C/C++ compiler. This job specifically focuses on the engineering of a collection of C++ tools and libraries that embed and use some common cryptographic algorithms and/or protocols, but also provide other broader features.

The challenge you will face will be to help develop and maintain the protection solutions while being regularly exposed to new, exotic, and interesting concepts, related to cryptography implementation and usage, in the context of projects related to secrets and runtime environment protection: secret keys management, the protection of data at rest, secure protocols and hardware secure elements usage, etc…

You will need to do some online research, and understand cryptographic standards, find and study existing protocols and implementations, and inform the rest of the team on what would be the sound choices/design in a given context. You will also participate in the implementation of customer-specific requirements and customer support.

If you like C++, technical challenges, you know a bit of cryptography, and you are curious about learning more, do not hesitate to contact us!

Key Responsibilities:

• Help maintain and develop our different tools, with a focus on cryptographic and runtime protection components.
• Ensure the quality of the delivered product in terms of security, performance, and code size.
• Communicate your developments to the rest of the team.

Skills
Hard Skills
The skills or knowledge we think you should have:

• 3 years+ experience in development in C++
• Knowledge of public key cryptography and infrastructure
• Knowledge or strong interest in cryptography and protocols (comfortable with reading standards, knowledge about best practices)

But also, that would be nice if you knew:

• CMake, Git, and Gitlab
• Some of the targeted environments (in particular Windows or macOS) or architectures (in particular Arm or IoT)
• Notions of cryptographic protocol design and analysis (common attacks and more elaborate cryptographic structures)
• Notions of software protections applied to cryptography (side-channel protections, white-box implementations)
• Notions of reverse engineering
• Python

Soft Skills

• Team player to exchange your knowledge with others
• Autonomous and able to be creative / think outside the box
• Spoken English