The Role
The macOS security layer is where the product is being built right now — this Team Lead role owns it both technically and as the manager of the small team building it. You'll lead a focused group of Mac engineers, set the architectural direction for endpoint protection on macOS, and stay deeply hands-on in C/C++ at the OS level. Cross-platform follows; macOS is where the architecture is being established.
About the Product
A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design, macOS-first by current priority. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.
The Stack: macOS as the primary development surface — System Extensions and Network Extension framework as the kernel boundary, Endpoint Security Framework (ESF), modern C++ (C++17/20) throughout. Defensive engineering against real attacker tradecraft. No abstraction layers between the code and the OS — what you build is what runs.
What You’ll Be Doing
- Lead the design and development of low-level macOS security components in modern C++ (C++17/20) — both architecture decisions and personal contribution
- Drive the technical direction for endpoint protection on macOS — System Extensions, Network Extensions, ESF, exploit mitigations, hardening
- Build security-sensitive code that interacts with macOS internals: processes, memory, filesystem, IPC, networking
- Mentor and grow the macOS engineering team — code reviews, technical guidance, recruiting
- Reverse-engineer and analyze attacker techniques on macOS, then translate them into detection and prevention
- Reason about correctness, safety, and performance in multithreaded environments where failures are security failures
- Participate in cross-platform architecture decisions as Linux scope expands
What We Expect
Must-Have
- 7+ years of low-level systems or security engineering experience
- Proven leadership or mentorship — formal Team Lead or staff/senior with hands-on team influence
- Strong C/C++ in security- or systems-oriented production code
- Deep macOS internals: System Extensions, Network Extension framework, ESF, processes, memory, IPC
- Solid understanding of macOS security architecture — SIP, TCC, entitlements, code signing, sandboxing
- Strong multithreading, synchronization, and concurrency in security-critical environments
- Reverse engineering and low-level analysis (IDA / Ghidra / lldb)
- Assembly-level understanding (x86 or ARM)
- Familiarity with exploit mitigations (ASLR, DEP, CFG) from a defensive perspective
- English B2+
Nice to Have
- Background in an antivirus, EDR, or endpoint security product — particularly macOS-focused
- Kernel-level development experience on macOS
- Vulnerability research, fuzzing, or static/dynamic analysis
- Cross-platform systems experience: Linux (eBPF, LSM) or Windows (WFP, kernel drivers)
- Background in early-stage or deep-tech product environments
Why This Role Is Worth Your Time
- Technical and people leadership of the macOS security track — the architectural decisions you make now define the platform
- Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes
- Hands-on TL — not a people manager removed from the code; you design, build, and grow the team in parallel
- AI-first engineering culture — modern AI tooling integrated into daily engineering work