Overview
Client is seeking a senior-level Linux Kernel Engineer to design and implement a kernel-level offload solution in a secure, high-performance Linux environment. This role will focus on intercepting VFS read/write operations, pinning user memory pages, building scatter-gather DMA tables, and offloading data to a cryptographic accelerator such as a hardware engine or user-space process. The engineer will work closely with hardware, security, and software teams to deliver a stable and compliant solution that meets strict coding, security, and regulatory standards.
Core Responsibilities
- Design, develop, build, and debug Linux kernel modules in C
- Implement kernel-level solutions that intercept VFS read/write operations
- Pin user memory pages and manage memory cleanup safely and efficiently
- Build and manage scatter-gather DMA tables for secure data offload
- Integrate with cryptographic accelerators, hardware engines, or user-space processes
- Partner with hardware, software, and security teams to define and deliver the offload path
- Ensure kernel-space code follows secure coding practices, including proper error handling, race condition prevention, and memory safety
- Support testing, profiling, troubleshooting, and performance tuning of kernel modules
- Produce clear technical documentation and contribute to design reviews and cross-functional discussions
- Develop solutions that align with Client coding standards and regulatory requirements
Essential Qualifications, Skills, and Technologies
- Professional experience developing, building, and debugging Linux kernel modules
- Strong systems-level C programming skills
- Experience with Linux kernel development tools such as kbuild and/or DKMS
- Strong knowledge of Linux internals, including process scheduling, memory management, and synchronization primitives
- Experience with secure kernel-space development and defensive coding practices
- Familiarity with SELinux, AppArmor, or similar Linux Security Module frameworks
- Experience producing technical documentation and collaborating across engineering teams
- Must already have an active security clearance
Preferred Skills or Experience
- Experience implementing handlers around VFS entry points such as vfs_read and vfs_write
- Experience with kprobe and kretprobe
- Hands-on work with pin_user_pages_fast, get_user_pages, and pin count cleanup
- Experience building and populating struct sg_table or struct scatterlist
- Experience with dma_map_sg and dma_unmap_sg
- Knowledge of the Linux Crypto API, including async request handling
- Experience with kernel keyrings, keyctl, request_key, or external KMS/HSM integrations
- Experience designing kernel-to-user-space communication through netlink, character devices, ioctl, or shared memory
- Testing and profiling experience using kselftest, kunit, perf, ftrace, or bpftrace
- Experience with hardware crypto offload technologies such as QAT, TrustZone, FPGA-based accelerators, or similar
- Contributions to Linux kernel subsystems such as VFS, Crypto, or DMA engine
- Exposure to trusted execution environments or secure enclave technologies such as OP-TEE or SGX
- Familiarity with DPDK or other high-performance user-space I/O frameworks
- Prior experience in aerospace, defense, or other regulated environments
- Relevant certifications such as LFCE, CISSP, GSEC, or hardware security training
Work Details
- Location: Owego, NY
- Work Arrangement: 100% onsite
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.