
Cyble - Windows Agent Developer - Embedded System

Posted on: 17/12/2025

Job Description


We are seeking experienced and passionate Windows Kernel Developers to join our EDR/XDR Agent/Sensor Development Team.

The ideal candidate will have deep expertise in Windows internals, kernel-mode driver development, and C/C++ programming.

You will be part of the EDR/XDR agent/sensor development team and responsible for building core components of our EDR/XDR agent/sensor, which operates in both user mode and kernel mode, focusing on system monitoring, threat detection, and remediation.

What you'll Do at Cyble :

- Work alongside our senior lead kernel developers to design, develop, and maintain Windows kernel-mode drivers for various EDR/XDR modules.

- Write Windows kernel-mode drivers for device management capabilities such as USB and Bluetooth device controls.

- Develop user-mode services that interface with kernel drivers for event processing and policy enforcement.

- Implement real-time remediation actions such as terminate, delete/quarantine, and take and restore system snapshots.

- Debug and resolve BSODs, race conditions, memory leaks, and performance bottlenecks.

- Integrate with the backend admin console using different integration methods and data exchange formats such as JSON and Protobuf.

- Integrate with Threat Intelligence Systems and other downstream components.

- Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities.

What you'll Need :

- Strong proficiency in C and C++, including multithreading and synchronization primitives.

- Deep knowledge of Windows OS internals (kernel objects, memory management, I/O Manager, IRP lifecycle).

- Experience in developing WDM, KMDF, or Minifilter drivers.

- Strong understanding of Windows security architecture, process/thread management, file system architecture, and Registry internals.

- Familiarity with monitoring frameworks.

- Hands-on experience implementing kernel hooks and callback mechanisms, and strong experience in writing user-mode code.

- Experience writing components that perform YARA rule lookups, and experience with ETW, Sysmon, and kernel telemetry pipelines.

- Experience writing kernel/user-mode hooks for any or all of these events: process, library, file system changes, registry changes, and device hooks such as USB and Bluetooth access controls.

- Proficiency in building remediation components for various threat categories.

- Familiarity with debugging tools like WinDbg, Driver Verifier, Blue Screen analysis.

- Understanding of endpoint security concepts, including EDR/XDR product behaviour.

Cyble offers :

- A dynamic and collaborative work environment.

- Opportunities for learning and career growth.

- Mentorship from experienced developers to guide you in advancing your skills.

