Who We Are
The development of Suricata is a combined effort of OISF employees and contractors, developers who work for 3rd party companies and individuals who help out in their free time.
How We Work
At OISF we work on Suricata as a virtual team. Currently our team resides across Europe, India and North America, but we welcome new team members in other parts of the world as well. Operating as a virtual team means everyone works from home or their own office space, in their own timezone. We communicate mostly by chat, email and phone calls.
Each year we come together twice in person to work and reconnect. First is our annual team meeting, a 3-day mandatory meeting where we get together to brainstorm, socializing, etc. The location of this meeting varies from year to year but is typically held in either Europe or North America. Second, the team meets a few days prior to SuriCon, our annual user conference – the location once again varies from year to year but is typically held the end of October or early November. In addition, we also meet up at Suricata training events and conferences.
The development process itself revolves around our Redmine instance and Github and happens for the largest part in the open. This means that team members submit pull requests to our Github repositories, others review it, etc. This makes working on this project something that is highly visible to the community and larger industry. We do this because we believe in open source, but also to invite the larger community to help and contribute at every stage of development.
A core aspect of our work is that we’re all part of, and interacting with, a growing and healthy open source community. This community consists of users of Suricata, from novice home users to expert corporate and government users, developers of Suricata, traffic and malware researchers, intel developers, and 3rd party tooling developers. The OISF team members are essential to the success of this community helping to foster new people to join, monitoring the health of the community, and raising issues if they arise.
- speak at conferences as a representative of OISF and Suricata
- get involved in trainings as a trainer
- decent English, both written and spoken
- able & willing to travel twice a year for the team meeting and SuriCon (normally in the EU/USA)
How to apply
There are several ways to apply. You can send us your resume. Make sure to include FOSS experience (if any) and also specify what you are looking for in this work. Send your email to <info AT oisf DOT net>, or reach our through Contact
You can also join the community as a volunteer contributor first. Start helping out in the community, with documentation, bugs, feature development, etc. Please let the team know you’re willing to join, so that we can help you with feedback and guidance on those tasks.
Core Suricata Developers
These roles/jobs are for work on the Suricata program itself. Suricata is written mostly in C, which a growing share of Rust code.
Required: C or Rust (able to write and debug basic programs)
Plus: suricata/snort/bro, infosec in general
Part Time (16h/w+) or Full time
Tasks: develop Suricata, triage & analyze bugs reported by users, fix or escalate bugs, develop new features.
Learning opportunities: learn how to use and support Suricata. Learn interaction with open source community. Learn operating in a virtual team. Improve C skills. Learn to use Lua, Python and Rust. Attend various Suricata trainings, both for users and developers.
This person works to fix bugs, and develop new features of limited size and complexity. Also assist other developers with their larger change sets. Together with ‘support staff’ triage bugs, fixing them where possible or escalating them where necessary.
Day to day workflow: working under guidance of Management & Senior level devs. Work on high priority tickets.
Required: One or more years of C or Rust and Python
Required: infosec experience
Part Time (16h/w+) or Full time
Tasks: develop Suricata, assist ‘junior’ in triaging bugs. Develop new features. Perform code review for team and community contributions.
Learning opportunities: same as ‘junior’, plus: code reviews, designing features and/or solutions to issues. Work independently. Attend various Suricata trainings, both for users and developers. Assist trainers.
Growth opportunities: opportunity to grow into subsystem maintainer. Starting by maintaining smaller components within a subsystem.
This person works to fix more complex bugs and develops new features under guidance of management. SuriCon roadmap is leading here. Assist ‘junior’ in fixing issues.
Required: 5+ years C. Be able to interact with community easily. Work independently. Perform code reviews.
Plus: 1+ Rust, 3+ Python.
Plus: already made contributions to Suricata’s code base
Full time (32h/w+)
Tasks: develop complex new features. Refactoring of subsystems. Maintain one or more subsystems (e.g. ‘packet capture’, or ‘stream engine’). Perform code reviews for team and community. Assist team in triaging complex bugs/issues. Help improve development processes and overall quality of the project.
Growth opportunities: become a (dev) trainer. Become part of leadership team. Help guide & interact with advisory council. Present work at SuriCon and 3rd party conferences as an OISF representative or personally where applicable.
This person works on major new features such as new detection capabilities, complex new protocols and performance optimizations. The Suricata roadmap as created at the SuriCon conference determines for a large part what we work on. Suggest and discuss designs and design choices. Assist rest of the team in addressing complex issues, helping with code review.
Supporting Development Roles
While Suricata is a mix of C and Rust, there is lots of additional tooling written in Python. Some of these tools are intended to be used by end users, others are for QA.
Python Engineer (part time)
Required skills: Python, Linux/Unix
Plus: experience with Suricata/Snort/Bro
Tasks: develop, maintain and support suricata-update, suricatasc, suricatactl, suricata-verify
Suricata has several Python based tools in its ecosystem to manage various components. The most important is suricata-update, the rule/intel updater.
Suricatasc is used to interacting with Suricata over Unix Socket, while suricatactl is a new tool to manage various parts of the Suricata output.
QA engineer (part time)
Required skills: Python, Linux/Unix, Bash, CI tools (e.g. buildbot, jenkins, gitlab-ci)
Plus: experience with Suricata/Snort/Bro/tcpdump/wireshark
Plus: experience with development tools like gcc, clang, scan-build, fuzz testing and/or other relevant code quality tools
Tasks: develop and maintain suricata-verify, help manage the Suricata CI efforts and implement security related QA steps.
Suricata-verify is a Python tool to streamline testing many features of Suricata. Both the tool itself, and development of new test cases, is part of this. On the CI side Suricata uses a mix of public tools, such as Travis CI and AppVeyor, combined with private tools and tests, such as a buildbot instance.
Support Engineer (part time)
Required skills: Suricata, Linux/Unix, good communicator via email, chat and phone.
Plus: experience in open source communities
Plus: experience with doing professional support
Tasks: First responder to support requests in the redmine ticketing, on the mailing lists and through our other public and private support channels such as the official commercial Support program that is currently in a pilot phase.
Update FAQ documents and general documentation based on questions and feedback. Triage issues, collect necessary information for further processing.
If you have questions or want to apply, please email us at <info AT oisf DOT net>, or reach out to us through Contact