Senior Windows Internals Engineer


Cybereason

πŸ“Remote - Japan

Summary

Join Cybereason's Endpoint team as a Senior Windows Internals Engineer to design and implement low-level Windows components for advanced threat detection. You will build kernel drivers and user-mode services, focusing on stability, performance, and stealth. Collaborate with security researchers and other engineers to ensure the agent's effectiveness across various environments. This role requires strong C++ expertise and deep knowledge of Windows OS internals. You will debug complex issues, conduct code reviews, and mentor other engineers. Staying current with Windows internals and security trends is crucial.

Requirements

  • 5+ years of hands-on experience in C++ development (C++11 or later)
  • In-depth understanding of Windows internals: kernel architecture, system calls, memory management, drivers
  • Proven experience in kernel-mode development (e.g., Windows Drivers, Windows Filtering Platform, minifilters, ETW)
  • Strong debugging and reverse engineering skills (WinDbg, Process Monitor, Process Explorer, IDA/Ghidra)
  • Familiarity with Windows security mechanisms: integrity levels, UAC, AppLocker, and secure boot
  • Experience using Visual Studio, Windows Driver Kit (WDK), and related build/debug environments

Responsibilities

  • Design and develop low-level components for the Windows endpoint sensor, focusing on stability, performance, and stealth
  • Build drivers and user-mode services that collect, filter, and analyze endpoint telemetry
  • Implement robust techniques for process/thread monitoring, registry tracking, file system interception, and network event visibility
  • Debug complex kernel-mode and user-mode issues across Windows versions
  • Collaborate with researchers and product teams to translate threat intelligence into product features
  • Conduct code reviews, mentor engineers, and contribute to architecture decisions
  • Stay current with Windows internals, security trends, and system programming practices

Preferred Qualifications

  • Experience building or contributing to endpoint security products (EDR, AV, EPP, etc.)
  • Familiarity with Windows telemetry, event logs, Sysmon, and ETW tracing
  • Experience with malware analysis, Windows exploit techniques, or SOC/DFIR workflows
  • Scripting capabilities in PowerShell or Python for automation and testing
  • Understanding of kernel-mode security evasion techniques and defenses
  • Background in code signing, driver deployment, and secure update mechanisms
  • Bachelor’s degree in Computer Science, Software Engineering, or equivalent experience

Benefits

  • Competitive salary and comprehensive benefits package
  • Flexible working hours with remote work options
  • Opportunities for professional growth and continuous learning
  • A collaborative and innovative team culture

