Build the Future of
Infrastructure Security.

What you will own

The eBPF/XDP kernel program is the core of Neurowall. It runs in the network driver, evaluates every packet before the kernel network stack sees it, and makes allow/drop decisions in under 50 microseconds. You will own this program end-to-end: rate limiting, connection tracking, DDoS detection, protocol parsing, and the shared-memory interfaces that expose per-CPU counters to userspace.

This is not a "learn eBPF on the job" role. You will be writing production kernel-space C and reviewing verifier output from day one. We care about what you have built, not your title.

What you will work on

• Extend the XDP program: new protocol parsers (QUIC, DNS sinkhole, VLAN), new flood-detection heuristics, tail call chains for L7 inspection
• Debug verifier rejections, stack frame overflows, and map access bounds issues
• Design and maintain the eBPF map schemas (per-CPU arrays, hash maps, LRU maps) shared with Go userspace
• Write and maintain the Go eBPF manager: program loading, map pinning, CO-RE support, BTF generation
• Tune the packet cost model (SYN, ACK, UDP, ICMP, fragmentation weights) against real-world traffic
• Own correctness: write kernel-level regression tests, catch double-counting bugs and uninitialized variable UB before they reach production

What we are looking for

• 3+ years writing eBPF programs in production (XDP or TC preferred)
• Deep understanding of the Linux network stack: sk_buff lifecycle, NAPI, XDP return codes, GRO/GSO
• Fluent in C and Go; comfortable reading kernel source and BPF verifier output
• Experience with libbpf, CO-RE, BTF, and bpf2go or cilium/ebpf
• Solid networking fundamentals: IP/TCP/UDP/ICMP headers, fragmentation, NAT, routing, ARP, VLAN tagging
• Familiarity with DDoS techniques: SYN flood, ACK flood, UDP amplification, IP fragmentation attacks
• Comfortable with packet-level tools: hping3, scapy, tcpdump, Wireshark
• Strong debugging instincts — you reach for bpftool, perf, and ftrace, not printf

Nice to have

• Prior work on Cilium, Katran, XDP Firewall, or similar open-source eBPF projects
• Experience with kernel module development or Linux TC (traffic control)
• Throughput benchmarking with iperf3 or pktgen at multi-Gbps rates
• Understanding of DPDK and how XDP compares at extreme packet rates

What you will own

The Go services layer turns kernel-space decisions into a manageable system: REST and gRPC APIs, rule synchronization across eBPF/nftables/database, high availability via etcd Raft, backup and restore, threat intelligence ingestion, and the LLM integration that provides contextual threat analysis. You will own significant parts of this surface.

What you will work on

• Build and maintain the rule synchronization pipeline: rules authored in the UI must reach eBPF maps, nftables, and PostgreSQL atomically, with rollback on failure
• Extend the REST and gRPC APIs: new endpoints, input validation, RBAC enforcement, audit logging
• Own the HA layer: etcd-based leader election, state sync via watch, session TTL and failover
• Integrate new threat intelligence feeds (AbuseIPDB, AlienVault OTX, MISP) with in-memory caching and graceful degradation
• Build the LLM chaining pipeline: multi-provider support (Ollama, OpenAI, Anthropic), streaming SSE responses, prompt engineering for security context, cost tracking
• Performance work: query optimization, connection pooling, cache hit rate analysis

What we are looking for

• 3+ years writing production Go services
• Strong understanding of distributed systems: consensus, leader election, watch mechanisms, eventual consistency
• Comfortable with PostgreSQL and SQLite: query optimization, schema migrations, transaction design
• Experience with gRPC: protobuf definitions, streaming, TLS, interceptors
• Familiarity with caching patterns and TTL-based data management
• Clean API design instincts — you think about versioning, error contracts, and idempotency from the start

Nice to have

• Experience with etcd or other Raft-based systems (Consul, ZooKeeper)
• Prior work on firewall or network security products
• Exposure to LLM APIs and prompt engineering
• Understanding of JWT, RBAC, and API key authentication patterns

What you will own

Neurowall's threat intelligence layer ingests indicators from multiple external feeds, caches them in memory, and correlates them against live traffic in real time. The detection layer sits above this: heuristics for behavioral anomaly detection, baseline learning, and LLM-powered contextual analysis. You will own the correctness, coverage, and performance of this entire pipeline.

What you will work on

• Maintain and extend threat feed integrations: AbuseIPDB, AlienVault OTX, MISP, custom feeds
• Design and tune detection heuristics: threshold selection, false positive analysis, adaptive baselines
• Build the baseline learning engine: normal traffic profiles per interface, anomaly scoring, alert suppression
• Own the LLM threat analysis pipeline: prompt design, response validation, cost control
• Write and maintain the detection test suite: known-bad traffic replay, regression coverage for each heuristic
• Investigate real-world attacks against Neurowall deployments and translate findings into new detection rules

What we are looking for

• 2+ years in threat intelligence, detection engineering, or network security
• Hands-on experience with OSINT feeds and indicator formats (STIX/TAXII, MISP events, CSV feeds)
• Solid networking fundamentals: TCP/IP, UDP, ICMP, DNS, protocol headers and flag semantics
• Understanding of network attack techniques: DDoS, port scanning, protocol abuse, amplification
• Comfortable crafting and replaying attack traffic with hping3, scapy, or tcpreplay
• Comfortable with Go or Python for feed ingestion and analysis tooling
• Strong data instincts: false positive rates, threshold sensitivity, and measurement

Nice to have

• Experience building SIEM detection rules (Sigma, KQL, SPL)
• Prior work on ML-based anomaly detection for network traffic
• Understanding of LLM prompt engineering for security classification tasks
• Exposure to eBPF-based observability (bpftrace, BCC tools)

What you will own

Neurowall's web UI is a real-time systems dashboard: live packet counters, DDoS event timelines, firewall rule management, threat feeds, and VPN peer configuration. It is built in Preact and communicates with the backend via REST and Server-Sent Events. The bar is high — this is a tool that operators use during active incidents.

What you will work on

• Build and maintain dashboard views: traffic analytics, threat timelines, rule editor, VPN management
• Implement real-time data flows: SSE-based live counters, WebSocket threat feeds, auto-refreshing panels
• Own the routing and navigation architecture (History API, nested routes, keyboard navigation)
• Build the rule editor: form validation, protocol/port selectors, priority drag-and-drop
• Performance: virtualized lists for high-volume event feeds, debounced inputs, incremental rendering
• Accessibility and keyboard navigation for operator workflows

What we are looking for

• 2+ years building production web UIs
• Strong JavaScript fundamentals — you understand the event loop, closures, and async patterns without needing a framework to think for you
• Experience with Preact or React; comfortable reading component trees and debugging re-render issues
• Familiarity with SSE and WebSocket patterns for streaming data
• CSS competence: flexbox/grid, responsive layouts, animation without libraries
• Design sensibility for dense information displays — you know when a table beats a chart

Nice to have

• Prior experience building monitoring or observability dashboards (Grafana-style UIs)
• Understanding of network concepts (IP, ports, protocols) — helps when building the rule editor
• Experience with Vite or similar build tooling
• Exposure to charting libraries (Chart.js, D3) for traffic visualizations

What you will own

Neurowall ships as a Go binary, a Docker image, and packaged .deb/.rpm. The infrastructure around it — CI/CD, packaging, Prometheus/Grafana monitoring, and Kubernetes deployment — needs someone who treats infrastructure as code and takes uptime seriously.

What you will work on

• Build and maintain CI/CD pipelines: Go builds, eBPF compilation (clang/LLVM), Docker image publishing, integration test runs
• Own the packaging pipeline: nfpm-based .deb/.rpm builds, Alpine Docker images, version tagging
• Set up and maintain the Prometheus metrics stack: dashboards, alerting rules, metric design
• Design and run load testing infrastructure: traffic generation, throughput benchmarks, regression detection
• Kubernetes deployment: Helm chart authoring, RBAC, health probes, rolling updates
• Security hardening: CAP_NET_ADMIN scoping, seccomp profiles, image scanning

What we are looking for

• 2+ years in DevOps, platform engineering, or SRE
• Fluent with Docker and Kubernetes: multi-stage builds, Helm, namespaces, resource limits
• Experience with GitHub Actions or similar CI/CD platforms
• Prometheus + Grafana: metric design, alert rule writing, dashboard building
• Linux system administration: systemd, network namespaces, kernel capabilities
• Infrastructure-as-code: Terraform or Pulumi preferred

Nice to have

• Experience packaging Go binaries for Linux distributions (nfpm, fpm, apt/yum repos)
• Familiarity with eBPF tooling (bpftool, bpf2go build steps, BTF generation)
• Prior work at a network or security company
• Load testing experience: iperf3, pktgen, t-rex, hping3

What you will own

Neurowall makes performance claims — 10–24 Gbps throughput, sub-50μs drop latency, DDoS mitigation at line rate. Someone has to prove those claims are real, find where they break down, and make sure every release ships with that evidence. You will own the lab environment, the test methodology, and the results.

This is not QA in the traditional sense. You think in topologies, build attack scenarios, and know when a benchmark number is misleading.

What you will work on

• Design and maintain the network test lab: physical or virtual topologies representing real deployment environments
• Run throughput and latency benchmarks: iperf3, pktgen, t-rex; measure baseline and under-attack conditions; track regressions across releases
• Craft and replay attack traffic: SYN floods, ACK floods, UDP amplification, IP fragmentation, ICMP floods using hping3, scapy, and tcpreplay
• Validate firewall rule behavior: confirm allow/drop decisions match intent across IPv4, IPv6, VLAN-tagged traffic, and extension headers
• Test HA failover: simulate leader node failure, measure recovery time, verify no traffic is silently dropped or passed during transition
• Build the regression suite: automate traffic scenarios so every PR can be tested against known-good baselines
• Write test reports: clear pass/fail results with packet captures, counter diffs, and reproduction steps

What we are looking for

• 2+ years in network testing, network operations, or infrastructure QA
• Hands-on with packet generation and analysis: hping3, scapy, iperf3, pktgen, tcpdump, Wireshark
• Solid networking fundamentals: IP/TCP/UDP/ICMP headers, routing, NAT, VLANs, ARP, fragmentation and reassembly
• Experience setting up and managing Linux network namespaces or virtual topologies (veth pairs, bridges, QEMU/KVM, GNS3)
• Comfortable scripting test automation in Python or Bash
• Methodical and precise — you document what you tested, how you tested it, and what the numbers mean

Nice to have

• Experience with dedicated traffic generators: Spirent, IXIA, MoonGen, or t-rex at multi-Gbps rates
• Familiarity with eBPF observability tools: bpftool, bpftrace, BCC
• Understanding of DDoS mitigation techniques and how to distinguish correct drops from false positives
• Prior work in a network security or firewall vendor lab environment
• CCNA, CCNP, or equivalent hands-on networking background

What you will own

CloudArmour's internal monitoring platform collects and stores high-volume telemetry from deployed Neurowall instances — packet counters, drop events, DDoS detections, rule hits, interface statistics. It is built in Rust and backed by ClickHouse. You will own this system end-to-end: the ingestion pipeline, the storage schema, the query layer, and the reliability of the whole thing under sustained write load.

What you will work on

• Build and maintain the telemetry ingestion pipeline: receive high-frequency events from Neurowall agents, batch and write to ClickHouse efficiently
• Design and evolve the ClickHouse schema: partitioning strategy, TTL policies, materialized views for common query patterns
• Write the query layer: time-range queries, per-interface aggregations, top-N flows, anomaly lookups — fast enough for interactive dashboards
• Own reliability: backpressure handling, ingestion lag monitoring, alerting when the pipeline falls behind
• Expose data to internal consumers: REST or gRPC endpoints that the dashboard and alerting systems query
• Profile and optimize hot paths in Rust: allocation patterns, async task scheduling, serialization overhead

What we are looking for

• 2+ years writing production Rust — comfortable with the borrow checker, async/await, and the tokio ecosystem
• Hands-on experience with ClickHouse: table engine selection (MergeTree, SummingMergeTree), insert performance, query optimization
• Understanding of time-series data patterns: high write throughput, low-cardinality aggregations, retention and compaction
• Familiarity with serialization formats used in high-throughput pipelines: Protocol Buffers, MessagePack, or similar
• Strong debugging instincts for performance problems: flamegraphs and ClickHouse query logs, not guesswork

Nice to have

• Prior work on observability or telemetry infrastructure (metrics pipelines, log aggregation, event streaming)
• Experience with other columnar or time-series stores: TimescaleDB, InfluxDB, Apache Parquet
• Familiarity with network telemetry formats: IPFIX, NetFlow, sFlow
• Basic understanding of eBPF or Linux networking — enough to understand the events you are ingesting

What you will own

You take a prospective customer from "we have a demo call" to "it is running in their environment and they understand what it is doing." You own the technical side of the sales process, customer deployments, and the feedback loop back to engineering.

This role sits between engineering and customers. You need enough technical depth to configure Neurowall, read packet captures, and diagnose why a rule is not matching — and enough communication skill to explain what you found to someone who is not an engineer.

What you will work on

• Run technical evaluations: set up Neurowall in prospect environments, walk through capabilities, answer detailed technical questions
• Own customer deployments: initial setup, network integration, rule configuration, interface attachment, VPN peer provisioning
• Write deployment guides and runbooks tailored to specific customer environments (bare metal, cloud VMs, Kubernetes nodes)
• Triage and resolve customer-reported issues: reproduce problems, isolate root causes, escalate to engineering with full context
• Collect and structure product feedback: what is missing, what is confusing, what customers ask for repeatedly
• Build reusable assets: deployment templates, configuration examples, integration scripts

What we are looking for

• 2+ years in solutions engineering, technical sales engineering, or a customer-facing infrastructure role
• Comfortable on Linux: systemd, network interfaces, routing tables, firewall concepts (iptables/nftables familiarity is a plus)
• Solid networking fundamentals: IP addressing, routing, NAT, VLANs, DNS, VPN concepts
• Able to read and interpret packet captures (tcpdump, Wireshark) well enough to diagnose basic connectivity issues
• Clear communicator — written and verbal; you can explain a kernel concept to a non-technical buyer and a configuration issue to an engineer
• Organized under pressure — you can manage multiple customer deployments simultaneously without losing context

Nice to have

• Prior experience with network security products: firewalls, IDS/IPS, VPN gateways
• Familiarity with cloud environments: AWS, GCP, Azure — network topology, security groups, routing
• Basic scripting ability (Python or Bash) for customer-facing automation or diagnostic scripts
• Understanding of eBPF at a conceptual level — enough to explain what XDP does without needing to read the code

What you will own

Neurowall is a complex product. The gap between "it is running" and "the operator understands what it is doing and trusts it" is almost entirely a documentation problem. You will own that gap: the API reference, the deployment guides, the configuration documentation, and the operational runbooks that help engineers and operators get value from Neurowall without needing to ask anyone.

What you will work on

• Write and maintain the API reference: every endpoint, parameter, error code, and example request/response
• Write deployment guides: bare metal, Docker, Kubernetes; from first boot to production-ready configuration
• Write operational runbooks: how to diagnose a blocked rule, how to interpret telemetry, how to recover from a failed HA failover
• Document configuration options: every YAML field, every environment variable, defaults, valid ranges, and what breaks if you get it wrong
• Keep documentation in sync with releases: when engineering ships a new feature, the docs ship with it
• Identify gaps: audit existing docs for accuracy, find what is missing, prioritize based on what customers actually ask about

What we are looking for

• 2+ years writing technical documentation for infrastructure, developer tools, or security products
• Able to read Go code well enough to understand what a function does and document its behavior accurately
• Solid networking fundamentals: you understand what a firewall rule does, what a port is, what NAT means
• Strong, clear prose — no filler, no passive voice, no ambiguity in instructions
• Comfortable working directly with engineers: you ask the right questions and push back when an explanation is unclear
• Organised: you track what needs updating, prioritise ruthlessly, and ship on time

Nice to have

• Prior experience documenting a Linux-based security or networking product
• Familiarity with REST APIs and OpenAPI/Swagger — enough to write and validate API documentation
• Experience with docs-as-code workflows: Markdown, Git, static site generators (Docusaurus, Hugo, MkDocs)
• Basic Linux command-line competence: you can follow your own instructions in a terminal and catch errors before they ship

What you will own

CloudArmour's public presence — primarily LinkedIn, but also technical communities like Hacker News, Reddit (r/netsec, r/linux), and developer forums. You will own the content calendar, the tone of voice, and the pipeline from "something interesting happened in the codebase" to "post that makes engineers stop scrolling."

This role requires genuine technical curiosity. You do not need to write eBPF code, but you do need to understand what it does well enough to explain it to a security engineer who has never heard of Neurowall.

What you will work on

• Own and grow the CloudArmour LinkedIn page: regular posts, article-length deep dives, company updates, product milestones
• Translate technical work into content that lands with security practitioners and engineering leaders
• Write and publish blog posts: product explainers, architecture walkthroughs, threat research, behind-the-scenes engineering stories
• Monitor and engage in relevant communities: eBPF and network security discussions, build presence without spam
• Track what performs: engagement metrics, follower growth, inbound leads attributed to content; report and adjust
• Coordinate with engineering on launch announcements, release notes, and feature highlights
• Source and repurpose content from the team: pull quote-worthy insights, turn a bug fix into a story

What we are looking for

• 2+ years managing social media or content marketing for a technical product (developer tools, security, infrastructure, or networking preferred)
• Strong writer — clear, confident prose with no filler; you can make a kernel concept readable without dumbing it down
• Genuine interest in cybersecurity and networking — you read about DDoS attacks and firewall architecture because you find it interesting
• Comfortable working directly with engineers to extract content ideas; you ask good questions and translate answers into posts
• Organised and self-directed — you manage a content calendar without being chased, and you publish consistently
• Familiarity with LinkedIn content best practices: formatting for feed, engagement hooks, when to use articles vs posts

Nice to have

• Prior experience at a cybersecurity or open-source infrastructure company
• Basic understanding of Linux, networking concepts (firewalls, DDoS, VPN), or cloud infrastructure — enough to fact-check your own content
• Experience with other technical communities: Hacker News, Twitter/X tech audience, dev.to, Substack
• Ability to create simple visuals or diagrams to accompany posts (Figma, Canva, or similar)