Windows Kernel Developer

Job Description

About The Role We are seeking an experienced and passionate Windows Kernel Developers to join our EDR/XDR Agent/Sensor Development Team. The ideal candidate will have deep expertise in Windows internals, kernel-mode driver development, and C/C++ programming. You will be part of EDR/XDR agent/sensor development team and responsible for building core components of our EDR/XDR agent/sensor that operates in both user-mode and kernel-mode, focusing on system monitoring, threat detection, and remediation. What You’ll Do At Cyble Work along with our senior lead kernel developers and work on design, develop, and maintain Windows kernel-mode drivers for various EDR/XDR modules. Write Windows kernel-mode drivers for device management capabilities like USB, Bluetooth device controls. Develop user-mode services that interface with kernel drivers for event processing and policy enforcement. Implement real-time remediation actions like terminate, delete/quarantine, take & restore system snapshots. Debug and resolve BSODs, race conditions, memory leaks, and performance bottlenecks. Integrate with backend admin console with different integration methods and data exchange formats like JSON, Protobuf Integrate with Threat Intelligence Systems and other downstream components. Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities. What You’ll Need Strong proficiency in C and C++, including multithreading and synchronization primitives. Deep knowledge of Windows OS internals (kernel objects, memory management, I/O Manager, IRP lifecycle). Experience in developing WDM, KMDF, or Minifilter drivers. Strong understanding of Windows security architecture, process/thread management, file system architecture, and Registry internals. Familiarity with monitoring frameworks Hands-on experience implementing Kernel hooks and callback mechanisms, strong experience in writing user-mode code. Experienced in writing components which does YARA rules lookups, experienced in ETW, Sysmon, kernel telemetry pipelines. Written kernel / user-mode hooks for any or all of these events like process, library, file system changes, registry changes, device hooks like USB, Bluetooth access controls. Proficiency in building remediation components for various threats category. Familiarity with debugging tools like WinDbg, Driver Verifier, Blue Screen analysis. Understanding of endpoint security concepts, including EDR/XDR product behaviour. Cyble offers A dynamic and collaborative work environment. Opportunities for learning and career growth. Mentorship from experienced developers to guide you in advancing your skills. About Cyble Cyble is revolutionizing the landscape of cybersecurity intelligence. Founded in 2019, Cyble began as a visionary college project and has quickly transformed into a leading force in proactive cyber threat detection and mitigation, that is now globally significant, with people in 20 countries - Headquartered in Alpharetta, Georgia, and with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia and India Our mission is clear: to provide visibility, intelligence and cybersecurity protection using cutting-edge advanced technology, giving enterprises a powerful advantage. We democratize real-time intelligence about cyber threats and vulnerabilities, enabling organizations to take proactive measures and maintain robust cybersecurity. We strive to make the digital world a safer place for everyone. At Cyble, artificial intelligence (AI) and innovation are central to all operations, with a commitment to continuous improvement and excellence in both products and business practices. Cyble values inclusivity, offering team members autonomy and flexibility to balance their professional and personal lives. Cyble fosters a culture where employees voices are heard, contributions are recognized, and everyone is encouraged to be part of something extraordinary. To learn more about Cyble, visit www.cyble.com.