About the Role
The Role This is the first Linux Team Lead hire on the platform — you'll set the technical direction for Linux endpoint security, build the team from the ground up, and stay deeply hands-on in C/C++ at the kernel boundary. The Linux track is being established now; the architectural decisions are yours. About the Product A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system. The Stack: Linux as the primary development surface for this track — eBPF for tracing and security enforcement, kernel modules where deeper integration is needed, LSM hooks (SELinux / AppArmor / BPF-LSM), netfilter, namespaces and cgroups. Modern C++ (C++17/20) throughout. Defensive engineering against real attacker tradecraft. What You’ll Be Doing Lead the design and development of low-level Linux security components in modern C++ (C++17/20) — both architecture decisions and personal contribution Drive the technical direction for endpoint protection on Linux — eBPF programs, kernel modules, LSM integration, netfilter hooks, container isolation primitives Build security-sensitive code that interacts with Linux internals: processes, memory, VFS, IPC, networking, namespaces, cgroups Hire, mentor, and grow the Linux engineering team — code reviews, technical guidance, recruiting Reverse-engineer and analyze attacker techniques on Linux, then translate them into detection and prevention Reason about correctness, safety, and performance in multithreaded environments where failures are security failures Participate in cross-platform architecture as macOS and Windows scopes evolve What We Expect Must-Have 7+ years of low-level systems or security engineering experience Proven leadership or mentorship — formal Team Lead or staff/senior with hands-on team influence Strong C/C++ in security- or systems-oriented production code Deep Linux kernel internals: kernel architecture, system calls, VFS, networking stack, memory model Hands-on eBPF programming experience (tracing, security enforcement, network filtering) Kernel modules development LSM hooks (SELinux, AppArmor, BPF-LSM) or netfilter / iptables integration Namespaces, cgroups, and container isolation primitives Strong multithreading, synchronization, and concurrency in security-critical environments Reverse engineering and low-level analysis (IDA / Ghidra / GDB) Assembly-level understanding (x86 or ARM) Familiarity with exploit mitigations (ASLR, DEP, CFG) from a defensive perspective English B2+ Nice to Have Background in an antivirus, EDR, or endpoint security product — particularly Linux-focused (Falcon, Aqua, Sysdig, Datadog CWP, etc.) Kernel vulnerability research, fuzzing, or static/dynamic analysis seccomp, AppArmor profile authoring, or other Linux hardening primitives Cross-platform systems experience: macOS (ESF, System Extensions) or Windows (WFP, kernel drivers) Background in early-stage or deep-tech product environments Why This Role Is Worth Your Time First Linux TL hire — you set the architectural direction, build the team, and own the track end-to-end Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes Hands-on TL — not a people manager removed from the code; you design, build, and grow the team in parallel AI-first engineering culture — modern AI tooling integrated into daily engineering work