Working on Cuckoo Sandbox

Interested in open source, development, and security? Interested in developing software used by thousands of researchers, threat intelligence teams, CERT‘s, and government institutions worldwide? We have a number of available positions for full time developer(s) as well as for students!

For all of these positions you will be guided through the initial steps and we will be providing you with a complete picture of the project while we take steps forward together. Depending on the role we will be brainstorming on possible ways to implement and/or assess various situations while working towards a set of goals with the entire team.

Cuckoo Sandbox is a complex project with many angles translating very low-level information to a higher-level representation and touching a whole range of interesting technologies in the process of doing so. For this reason it is of upmost importance that you are passionate about your work rather than being the best in X (although that may of course be a bonus for certain roles). Keep in mind that you don’t need to be an expert in computer security to perform awesome work on Cuckoo Sandbox!

Note that the roles described below are 95% research and development and that the rest of your time is spent showing us the awesome progress that you’ve made, brainstorming with us on things that you think should be put on the roadmap (and actually get to do those!), etc. If you enjoy R&D as much as we do, you will surely be a good fit for our team!

Living in the Netherlands is highly preferable for the full time jobs, although we’ll do our best to be as flexible as possible. You will mostly be working from home, though!

Windows Kernel Driver developer (fulltime)

Excited to bring Cuckoo Sandbox to the next level by implementing kernel-based analysis platform? We have an open job position for full time Windows Kernel Driver development. You’ll be working on further improving zer0m0n and its integration in Cuckoo. Strong knowledge of C & Microsoft kernel internals is required. Decent Python would be a plus.

Multiple Google Summer of Code internships

We’re looking for two students to help us out during Google Summer of Code. This is a great way to learn a complex but widely used project while working on interesting problems. For more information, please see our two entries at The Honeynet Project.

Backend Python Developer (fulltime)

We’re looking for a backend Python developer who will assist us with the development of new features and changes to the Cuckoo Core. As backend Python developer you’ll be responsible for expanding the capabilities provided by Cuckoo Sandbox while maintaining backwards compatibility with its original use-cases. Good experience with Python, performance issues, and databases is a pre.

Scaling & Performance Engineer (fulltime)

With Cuckoo Sandbox growing as a project and with goals to expand further on more analyses and thus more data processing, it is necessary that the different components of Cuckoo Sandbox remain as fast as possible while also implementing speedups in different areas such as migrating CPU-intensive code to Cython, rethinking the database model, architecturally approaching a simplified and/or faster processing model, etc.

As the core of this position still revolves mostly around Python development, good experience with Python, insights about performance-related issues and how to solve them, and a good understanding of database models and technologies is a must.

Unit testing expert (fulltime)

We have started working on adding more unit tests, so to automatically verify that certain core features are working as expected. By building more unit tests and maintaining existing unit tests Cuckoo Sandbox will be able to verify that features which worked at some point in the past are still fully working in the latest and greatest releases.

Through continuous testing we aim to further professionalize our sandbox. In fact, our target is that for every change to the Cuckoo Core, additional unit tests are written to ensure that the changes are working as promoted.

This position requires at least basic knowledge of Python. Knowledge about other scripting languages (e.g., VBA as used in Microsoft Office Macro’s) as well as functional tests are a pre. Bonus points for being able to setup and maintain a browser-based unit testing framework that we currently don’t have in-place (i.e., unit testing our javascript and CSS changes).

You will be in charge of implementing new unit tests, the creation of sample applications that will be used to test a wide variety of features in Cuckoo’s monitoring component (e.g., if a script opens "" in a Microsoft Word Macro, does the analysis report show this information?)

Long term analysis intern (student)

Cuckoo Sandbox has been able to provide longterm analysis capabilities since a year or two now. However, those engineering efforts have been separated from the official Cuckoo repository. The time has come to merge the longcuckoo repository into the upstream Cuckoo repository. However, this causes various big Cuckoo core changes, and as such is non-trivial.

Your task while working on long term analysis integration with upstream Cuckoo will lay around taking the good elements from longcuckoo and implementing new and related features. A more comprehensive API will have to be developed that allows us to do apply signatures at runtime, extend or terminate the time of a longterm analysis, add basic logging during longterm analysis, etc.

For this role decent Python knowledge is required. Knowledge of C and the Windows internals is a bonus (may one wish to improve the Cuckoo Monitor).

Automated Unpacking Strategies (student)

This internship revolves around the creation, integration, and testing of new and 3rd party unpacking utilities. The goal is to extract more information out of existing and new analysis capabilities. Interested in research on configuration extraction for specific samples? Interested in dumping the actual sample payload rather than its outer layer(s)? Then this internship is right up your alley. For this role domain-specific knowledge on the matter is a must, but how you’d like to approach it is all up to you!

Python 2 vs 3 intern (student)

Due to continuous requests when Cuckoo Sandbox will be able to run on Python 3 we’re opening an internship around just that. Don’t expect to finish within a few months, as this is quite the project. Python 3 support for Cuckoo also requires that certain (we can leave out most to start off) Python dependencies are to be ported to support Python 3.

As there are quite some subtle differences between Python 2 and Python 3 this internship requires somebody with decent Python experience. Note that, aside from actually porting the code, all of the ported code will be requiring unit tests (see also the unit test intern application above). This being due to the tricky nature of the Python 2 and 3 subtle differences.

Something else?

Has your dream job not been listed above? Please tell us what you’d like to work on and create your own job! Simply reach out to us with information on what you’d like to work on and how this benefits Cuckoo Sandbox, and you may just find yourself ending up with a Cuckoo Sandbox development position.


Interested in one of the positions above? Please reach out to us at! Note that we accept students globally.