About The Role
We are seeking experienced and passionate Windows Kernel Developers to join our EDR/XDR agent/sensor development team. The ideal candidate will have deep expertise in Windows internals, kernel-mode driver development, and C/C++ programming. You will be responsible for building core components of our EDR/XDR agent/sensor, which operates in both user mode and kernel mode, with a focus on system monitoring, threat detection, and remediation.
What You’ll Do At Cyble
- Work alongside our senior kernel developers to design, develop, and maintain Windows kernel-mode drivers for various EDR/XDR modules.
- Write Windows kernel-mode drivers for device control capabilities such as USB and Bluetooth device restrictions.
- Develop user-mode services that interface with kernel drivers for event processing and policy enforcement.
- Implement real-time remediation actions such as process termination, file deletion/quarantine, and taking and restoring system snapshots.
- Debug and resolve BSODs, race conditions, memory leaks, and performance bottlenecks.
- Integrate with the backend admin console using various integration methods and data exchange formats such as JSON and Protobuf.
- Integrate with Threat Intelligence Systems and other downstream components.
- Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities.
What You’ll Need
- Strong proficiency in C and C++, including multithreading and synchronization primitives.
- Deep knowledge of Windows OS internals (kernel objects, memory management, I/O Manager, IRP lifecycle).
- Experience in developing WDM, KMDF, or Minifilter drivers.
- Strong understanding of Windows security architecture, process/thread management, file system architecture, and Registry internals.
- Familiarity with monitoring frameworks
- Hands-on experience implementing kernel hooks and callback mechanisms, plus strong experience writing user-mode code.
- Experience writing components that perform YARA rule scans, and experience with ETW, Sysmon, and kernel telemetry pipelines.
- Have written kernel- or user-mode hooks for events such as process creation, library (image) loading, file system changes, and registry changes, and device hooks such as USB and Bluetooth access controls.
- Proficiency in building remediation components for various threat categories.
- Familiarity with debugging tools such as WinDbg and Driver Verifier, and with blue screen (crash dump) analysis.
- Understanding of endpoint security concepts, including EDR/XDR product behaviour.
Cyble offers
- A dynamic and collaborative work environment.
- Opportunities for learning and career growth.
- Mentorship from experienced developers to guide you in advancing your skills.
About Cyble
Cyble is revolutionizing the landscape of cybersecurity intelligence. Founded in 2019, Cyble began as a visionary college project and has quickly transformed into a leading force in proactive cyber threat detection and mitigation, now globally significant with people in 20 countries. It is headquartered in Alpharetta, Georgia, with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia and India.

Our mission is clear: to provide visibility, intelligence and cybersecurity protection using cutting-edge advanced technology, giving enterprises a powerful advantage. We democratize real-time intelligence about cyber threats and vulnerabilities, enabling organizations to take proactive measures and maintain robust cybersecurity. We strive to make the digital world a safer place for everyone.

At Cyble, artificial intelligence (AI) and innovation are central to all operations, with a commitment to continuous improvement and excellence in both products and business practices. Cyble values inclusivity, offering team members autonomy and flexibility to balance their professional and personal lives. Cyble fosters a culture where employees' voices are heard, contributions are recognized, and everyone is encouraged to be part of something extraordinary. To learn more about Cyble, visit www.cyble.com.