About the Role
The Role
The macOS security layer is the first platform in scope — you'll own it technically. That means hands-on C/C++ development at the OS level and architectural decisions on system extensions and network filters. Windows and Linux follow on the roadmap; macOS is where the product is being built now.

About the Product
A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design, macOS-first by current priority. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.

The Stack:
The primary development surface is macOS — System Extensions and Network Extension framework as the kernel boundary, modern C++ (C++17/20) throughout. The platform is cross-platform by design; Windows and Linux will follow, but macOS is where the architecture is being established. No abstraction layers between the code and the OS — what you build is what runs.

What You’ll Be Doing
- Design and implement core security components using modern C++ (C++17/20) across macOS system-level APIs and OS primitives
- Build and own macOS System Extensions and Network Extension framework integrations — the primary kernel boundary for the platform
- Develop security-sensitive code that interacts with macOS OS internals: processes, threads, memory, filesystems, IPC, and networking
- Design defensive mechanisms and hardening at the system level — components that hold up against real attacker tradecraft
- Reason about correctness, safety, and performance in multithreaded environments where failures are security failures
- Participate in cross-platform architecture decisions as Windows and Linux scope expands

What We Expect

Must-Have
- 5+ years of hands-on systems programming experience
- Strong C/C++ in security- or systems-oriented development — production quality, not academic
- Deep macOS internals expertise: System Extensions, Network Extension framework, process and memory model, IPC
- Solid understanding of macOS security architecture — TCC, SIP, entitlements, sandboxing
- Strong multithreading, synchronization, and concurrency — in environments where correctness is a security property
- Assembly-level understanding (x86 or ARM) sufficient to reason about system behavior
- Familiarity with exploit mitigations and defensive techniques (ASLR, DEP, CFG) from a defensive engineering perspective
- English B2+

Nice to Have
- Background in an antivirus, EDR, or endpoint security company — strong plus; the problem space is familiar, the ramp-up is shorter
- Kernel-level development experience on macOS or other platforms
- Cross-platform systems experience: Windows (WFP, kernel drivers) or Linux (eBPF, LSM)
- Experience with fuzzing, static/dynamic analysis, or vulnerability research
- Background in early-stage or deep-tech product environments

Why This Role Is Worth Your Time
- Early ownership of the macOS security layer — the architectural decisions you make now define the platform for all three OS targets
- Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes
- Deep OS-level work with meaningful technical stakes; no product management overhead between you and the hard problems