System One is a leader in delivering outsourced services and workforce solutions across North America. They are seeking a Senior Software Engineer to design and build the OpenVPN 3 tunnel adapter for an iOS VPN application, taking ownership of a self-contained Objective-C++ module that integrates with Apple's Network Extension framework.
Responsibilities:
- Cross-compile OpenVPN 3 and its dependencies (mbedTLS, standalone ASIO, LZ4) for iOS arm64, including both device and simulator targets
- Subclass OpenVPNClient from the OpenVPN 3 client API and implement the TunBuilder interface (tunnel configuration, routes, DNS, MTU, gateway, dual-stack IPv4 and IPv6)
- Implement the bidirectional packet I/O loop between NEPacketTunnelFlow and OpenVPN 3's encryption pipeline. The adapter owns this loop internally; the Swift side never sees individual packets
- Validate and tune OpenVPN 3's built-in ASIO transport inside the Network Extension sandbox, including network-transition handling (WiFi to cellular, airplane mode, path changes) and dual-stack edge cases
- Ensure thread safety across ASIO's event loop, NEPacketTunnelFlow completion handlers, and delegate dispatching back to Swift
- Optimize allocations to stay within the 50 MB Network Extension memory ceiling on iOS 17 through buffer pooling, bounded queues, lazy initialization, and allocation profiling with Instruments
- Contain all C++ exceptions at the adapter boundary and translate errors to the Swift-facing delegate protocol
- Implement the connection lifecycle (connect, disconnect, pause, resume) and accurate byte-count statistics
- Emit structured logs that the Swift container app can surface to the user and bundle for diagnostics
- Expose a narrow Objective-C delegate header that the Swift Network Extension target imports via a standard Xcode bridging header. You define this interface; the Swift side of the project team implements the delegate methods
- Write unit and integration test scaffolding for the adapter module, primarily landing during the tail end of the primary phase and refined as QA surfaces gaps
- Profile memory usage under sustained load with Instruments and address any issues the profiling surfaces, including packet bursts and extended connection durations
- Fix bugs and iterate through the stabilization phase alongside the rest of the project team
- Remain available for synchronous pairing sessions when QA finds race conditions, packet I/O edge cases, or thread-safety issues that require your context to diagnose efficiently
Requirements:
- Strong modern C++ (C++17, which is the pinned dialect for this project): comfortable with templates, the STL, RAII, smart pointers, concurrency primitives, and exception-safe design
- Shipped at least one iOS framework, library, or app that integrates a C++ codebase. You have seen an Xcode project with mixed .cpp, .hpp, .mm, and .h files and understand how they link together
- Comfortable with Objective-C++ (.mm) or willing to pick it up quickly. If you know C++ and can read Objective-C message-send syntax, you can write .mm productively within a day or two
- Xcode build system proficiency: cross-compilation targets, static library linking, framework packaging, build settings for C++ standard and ARC
- Familiarity with Apple's Automatic Reference Counting (ARC) and how it interacts with C++ object lifetimes inside .mm files
- Debugging experience in constrained environments: iOS app extensions, embedded systems, browser sandboxes, or similar places where standard debugging tools are limited
- Direct experience with the OpenVPN 3 client library, or with other C++ VPN or tunneling libraries (WireGuard, strongSwan, OpenConnect)
- Hands-on work with Apple's Network Extension framework, particularly NEPacketTunnelProvider and NEPacketTunnelFlow
- Experience cross-compiling C++ dependencies for iOS arm64 (mbedTLS, OpenSSL, Boost, ASIO, FFmpeg, OpenCV, or similar)
- Prior work on iOS VPN, network security, packet processing, or protocol implementation products
- Familiarity with ASIO (standalone or Boost.Asio) and its event loop model
- Knowledge of the OpenVPN protocol (control channel, data channel, TLS handshake, push/pull options)