We’re looking for a Senior Windows Internals Engineer to join our Endpoint team and help build the core technology behind Cybereason’s Windows agent. In this role, you’ll design and implement low-level Windows components, including kernel drivers and user-mode services, that power advanced threat detection and response capabilities. You’ll work closely with security researchers, sensor developers, and platform engineers to ensure our agent is stable, stealthy, and performant across all supported environments.
This role demands strong C++ expertise, deep knowledge of Windows OS internals, and a passion for building secure, high-impact software.
Key Responsibilities:
- Design and develop low-level components for the Windows endpoint sensor, focusing on stability, performance, and stealth
- Build drivers and user-mode services that collect, filter, and analyze endpoint telemetry
- Implement robust techniques for process/thread monitoring, registry tracking, file system interception, and network event visibility
- Debug complex kernel-mode and user-mode issues across Windows versions
- Collaborate with researchers and product teams to translate threat intelligence into product features
- Conduct code reviews, mentor engineers, and contribute to architecture decisions
- Stay current with Windows internals, security trends, and system programming practices
- 5+ years of hands-on experience in C++ development (C++11 or later)
- In-depth understanding of Windows internals: kernel architecture, system calls, memory management, drivers
- Proven experience in kernel-mode development (e.g., Windows Drivers, Windows Filtering Platform, minifilters, ETW)
- Strong debugging and reverse engineering skills (WinDbg, Process Monitor, Process Explorer, IDA/Ghidra)
- Familiarity with Windows security mechanisms: integrity levels, UAC, AppLocker, and secure boot
- Experience using Visual Studio, Windows Driver Kit (WDK), and related build/debug environments
- Experience building or contributing to endpoint security products (EDR, AV, EPP, etc.)
- Familiarity with Windows telemetry, event logs, Sysmon, and ETW tracing
- Experience with malware analysis, Windows exploit techniques, or SOC/DFIR workflows
- Scripting capabilities in PowerShell or Python for automation and testing
- Understanding of kernel-mode security evasion techniques and defenses
- Background in code signing, driver deployment, and secure update mechanisms
- Bachelor’s degree in Computer Science, Software Engineering, or equivalent experience
- Competitive salary and comprehensive benefits package
- Flexible working hours with remote work options
- Opportunities for professional growth and continuous learning
- A collaborative and innovative team culture
More About Cybereason:
Our culture and how we operate reflects in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.
Core Values:
- Win As One: The power of an individual is less than the power of a team.
- Ever Evolving: Change keeps us at the forefront, so we encourage it.
- Daring: To achieve the impossible, we must dare to be different.
- Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
- Never Give Up: We are tenacious and resilient, and we never stop.
- UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.
If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
Top Skills
What We Do
Cybereason is the champion for today’s cyber defenders providing future-ready protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. Our platform combines the industry’s top-rated detection and response, next-gen anti-virus, and proactive threat hunting to deliver context-rich analysis of every element of a malicious operation.
Why Work With Us
We take on each day knowing we are doing something that is worth our time, passion and brain power, and we believe that we can only solve some of the world’s most complex technology challenges by unlocking the full talents of everyone within our organization.
Gallery
