Senior Windows Internals Engineer

About the Role:

We’re looking for a Senior Windows Internals Engineer to join our Endpoint team and help build the core technology behind Cybereason’s Windows agent. In this role, you’ll design and implement low-level Windows components, including kernel drivers and user-mode services, that power advanced threat detection and response capabilities. You’ll work closely with security researchers, sensor developers, and platform engineers to ensure our agent is stable, stealthy, and performant across all supported environments.

This role demands strong C++ expertise, deep knowledge of Windows OS internals, and a passion for building secure, high-impact software.

Key Responsibilities:

• Design and develop low-level components for the Windows endpoint sensor, focusing on stability, performance, and stealth
  
  
• Build drivers and user-mode services that collect, filter, and analyze endpoint telemetry
  
  
• Implement robust techniques for process/thread monitoring, registry tracking, file system interception, and network event visibility
  
  
• Debug complex kernel-mode and user-mode issues across Windows versions
  
  
• Collaborate with researchers and product teams to translate threat intelligence into product features
  
  
• Conduct code reviews, mentor engineers, and contribute to architecture decisions
  
  
• Stay current with Windows internals, security trends, and system programming practices
  
  

Required Qualifications:

• 5+ years of hands-on experience in C++ development (C++11 or later)
  
  
• In-depth understanding of Windows internals: kernel architecture, system calls, memory management, drivers
  
  
• Proven experience in kernel-mode development (e.g., Windows Drivers, Windows Filtering Platform, minifilters, ETW)
  
  
• Strong debugging and reverse engineering skills (WinDbg, Process Monitor, Process Explorer, IDA/Ghidra)
  
  
• Familiarity with Windows security mechanisms: integrity levels, UAC, AppLocker, and secure boot
  
  
• Experience using Visual Studio, Windows Driver Kit (WDK), and related build/debug environments
  
  

Preferred Qualifications:

• Experience building or contributing to endpoint security products (EDR, AV, EPP, etc.)
  
  
• Familiarity with Windows telemetry, event logs, Sysmon, and ETW tracing
  
  
• Experience with malware analysis, Windows exploit techniques, or SOC/DFIR workflows
  
  
• Scripting capabilities in PowerShell or Python for automation and testing
  
  
• Understanding of kernel-mode security evasion techniques and defenses
  
  
• Background in code signing, driver deployment, and secure update mechanisms
  
  
• Bachelor’s degree in Computer Science, Software Engineering, or equivalent experience
  
  

What We Offer:

• Competitive salary and comprehensive benefits package
  
  
• Flexible working hours with remote work options
  
  
• Opportunities for professional growth and continuous learning
  
  
• A collaborative and innovative team culture

#LI-Remote