The Role
This is the first Linux Team Lead hire on the platform — you'll set the technical direction for Linux endpoint security, build the team from the ground up, and stay deeply hands-on in C/C++ at the kernel boundary. The Linux track is being established now; the architectural decisions are yours.
About the Product
A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.
The Stack: Linux as the primary development surface for this track — eBPF for tracing and security enforcement, kernel modules where deeper integration is needed, LSM hooks (SELinux / AppArmor / BPF-LSM), netfilter, namespaces and cgroups. Modern C++ (C++17/20) throughout. Defensive engineering against real attacker tradecraft.
What You’ll Be Doing
- Lead the design and development of low-level Linux security components in modern C++ (C++17/20) — both architecture decisions and personal contribution
- Drive the technical direction for endpoint protection on Linux — eBPF programs, kernel modules, LSM integration, netfilter hooks, container isolation primitives
- Build security-sensitive code that interacts with Linux internals: processes, memory, VFS, IPC, networking, namespaces, cgroups
- Hire, mentor, and grow the Linux engineering team — code reviews, technical guidance, recruiting
- Reverse-engineer and analyze attacker techniques on Linux, then translate them into detection and prevention
- Reason about correctness, safety, and performance in multithreaded environments where failures are security failures
- Participate in cross-platform architecture as macOS and Windows scopes evolve
What We Expect
Must-Have
- 7+ years of low-level systems or security engineering experience
- Proven leadership or mentorship — formal Team Lead or staff/senior with hands-on team influence
- Strong C/C++ in security- or systems-oriented production code
- Deep Linux kernel internals: kernel architecture, system calls, VFS, networking stack, memory model
- Hands-on eBPF programming experience (tracing, security enforcement, network filtering)
- Kernel module development
- LSM hooks (SELinux, AppArmor, BPF-LSM) or netfilter / iptables integration
- Namespaces, cgroups, and container isolation primitives
- Strong multithreading, synchronization, and concurrency in security-critical environments
- Reverse engineering and low-level analysis (IDA / Ghidra / GDB)
- Assembly-level understanding (x86 or ARM)
- Familiarity with exploit mitigations (ASLR, DEP, CFG) from a defensive perspective
- English proficiency at B2 level or above
Nice to Have
- Background in an antivirus, EDR, or endpoint security product — particularly Linux-focused (Falcon, Aqua, Sysdig, Datadog CWP, etc.)
- Kernel vulnerability research, fuzzing, or static/dynamic analysis
- seccomp, AppArmor profile authoring, or other Linux hardening primitives
- Cross-platform systems experience: macOS (ESF, System Extensions) or Windows (WFP, kernel drivers)
- Background in early-stage or deep-tech product environments
Why This Role Is Worth Your Time
- First Linux TL hire — you set the architectural direction, build the team, and own the track end-to-end
- Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes
- Hands-on TL — not a people manager removed from the code; you design, build, and grow the team in parallel
- AI-first engineering culture — modern AI tooling integrated into daily engineering work