Senior Software / Systems Engineer - iOS / C++ (contractor)
Contractor work model: Remote (EST)

Engagement Summary

About the Project

Your Role

• Cross-compile OpenVPN 3 and its dependencies (mbedTLS, standalone ASIO, LZ4) for iOS arm64, including both device and simulator targets
• Subclass OpenVPNClient from the OpenVPN 3 client API and implement the TunBuilder interface (tunnel configuration, routes, DNS, MTU, gateway, dual-stack IPv4 and IPv6)
• Implement the bidirectional packet I/O loop between NEPacketTunnelFlow and OpenVPN 3''s encryption pipeline. The adapter owns this loop internally; the Swift side never sees individual packets.
• Validate and tune OpenVPN 3''s built-in ASIO transport inside the Network Extension sandbox, including network-transition handling (WiFi to cellular, airplane mode, path changes) and dual-stack edge cases
• Ensure thread safety across ASIO''s event loop, NEPacketTunnelFlow completion handlers, and delegate dispatching back to Swift
• Optimize allocations to stay within the 50 MB Network Extension memory ceiling on iOS 17 through buffer pooling, bounded queues, lazy initialization, and allocation profiling with Instruments
• Contain all C++ exceptions at the adapter boundary and translate errors to the Swift-facing delegate protocol
• Implement the connection lifecycle (connect, disconnect, pause, resume) and accurate byte-count statistics
• Emit structured logs that the Swift container app can surface to the user and bundle for diagnostics
• Expose a narrow Objective-C delegate header that the Swift Network Extension target imports via a standard Xcode bridging header. You define this interface; the Swift side of the project team implements the delegate methods.

• Write unit and integration test scaffolding for the adapter module, primarily landing during the tail end of the primary phase and refined as QA surfaces gaps
• Profile memory usage under sustained load with Instruments and address any issues the profiling surfaces, including packet bursts and extended connection durations
• Fix bugs and iterate through the stabilization phase alongside the rest of the project team. Retainer hours ramp with QA activity: lighter load during weeks 9 and 10 while the Swift developers finish integration, heavier during weeks 11 through 14 when QA hits the adapter with network transition tests (WiFi to cellular to airplane), captive portal handling, and memory profiling
• Remain available for synchronous pairing sessions when QA finds race conditions, packet I/O edge cases, or thread-safety issues that require your context to diagnose efficiently

• Strong modern C++ (C++17, which is the pinned dialect for this project): comfortable with templates, the STL, RAII, smart pointers, concurrency primitives, and exception-safe design
• Shipped at least one iOS framework, library, or app that integrates a C++ codebase. You have seen an Xcode project with mixed .cpp, .hpp, .mm, and .h files and understand how they link together.
• Comfortable with Objective-C++ (.mm) or willing to pick it up quickly. If you know C++ and can read Objective-C message-send syntax, you can write .mm productively within a day or two.
• Xcode build system proficiency: cross-compilation targets, static library linking, framework packaging, build settings for C++ standard and ARC
• Familiarity with Apple''s Automatic Reference Counting (ARC) and how it interacts with C++ object lifetimes inside .mm files
• Debugging experience in constrained environments: iOS app extensions, embedded systems, browser sandboxes, or similar places where standard debugging tools are limited 

Highly Valued (Not Required)

• Direct experience with the OpenVPN 3 client library, or with other C++ VPN or tunneling libraries (WireGuard, strongSwan, OpenConnect)
• Hands-on work with Apple''s Network Extension framework, particularly NEPacketTunnelProvider and NEPacketTunnelFlow
• Experience cross-compiling C++ dependencies for iOS arm64 (mbedTLS, OpenSSL, Boost, ASIO, FFmpeg, OpenCV, or similar)
• Prior work on iOS VPN, network security, packet processing, or protocol implementation products
• Familiarity with ASIO (standalone or Boost.Asio) and its event loop model
• Knowledge of the OpenVPN protocol (control channel, data channel, TLS handshake, push/pull options)

System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

#M-2
#LI-CB5