About The Role

We are seeking an experienced and passionate Windows Kernel Developers to join our EDR/XDR Agent/Sensor Development Team.

The ideal candidate will have deep expertise in Windows internals, kernel-mode driver development, and C/C++ programming.

You will be part of EDR/XDR agent/sensor development team and responsible for building core components of our EDR/XDR agent/sensor that operates in both user-mode and kernel-mode, focusing on system monitoring, threat detection, and remediation.

What Youll Do At Cyble

• Work along with our senior lead kernel developers and work on design, develop, and maintain Windows kernel-mode drivers for various EDR/XDR modules.
• Write Windows kernel-mode drivers for device management capabilities like USB, Bluetooth device controls.
• Develop user-mode services that interface with kernel drivers for event processing and policy enforcement.
• Implement real-time remediation actions like terminate, delete/quarantine, take & restore system snapshots.
• Debug and resolve BSODs, race conditions, memory leaks, and performance bottlenecks.
• Integrate with backend admin console with different integration methods and data exchange formats like JSON, Protobuf.
• Integrate with Threat Intelligence Systems and other downstream components.
• Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities.
  
  

What Youll Need

• Strong proficiency in C and C++, including multithreading and synchronization primitives.
• Deep knowledge of Windows OS internals (kernel objects, memory management, I/O Manager, IRP lifecycle).
• Experience in developing WDM, KMDF, or Minifilter drivers.
• Strong understanding of Windows security architecture, process/thread management, file system architecture, and Registry internals.
• Familiarity with monitoring frameworks.
• Hands-on experience implementing Kernel hooks and callback mechanisms, strong experience in writing user-mode code.
• Experienced in writing components which does YARA rules lookups, experienced in ETW, Sysmon, kernel telemetry pipelines.
• Written kernel / user-mode hooks for any or all of these events like process, library, file system changes, registry changes, device hooks like USB, Bluetooth access controls.
• Proficiency in building remediation components for various threats category.
• Familiarity with debugging tools like WinDbg, Driver Verifier, Blue Screen analysis.
• Understanding of endpoint security concepts, including EDR/XDR product behaviour.
  
  

Cyble Offers

• A dynamic and collaborative work environment.
• Opportunities for learning and career growth.
• Mentorship from experienced developers to guide you in advancing your skills.
  
  

(ref:hirist.tech)