The Role
The macOS security layer is the first platform in scope — you’ll own it technically. That means hands-on C/C++ development at the OS level and architectural decisions on system extensions and network filters. Windows and Linux follow on the roadmap; macOS is where the product is being built now.
About the Product
A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design, macOS-first by current priority. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.
The Stack
The primary development surface is macOS — System Extensions and Network Extension framework as the kernel boundary, modern C++ (C++17/20) throughout. The platform is cross-platform by design; Windows and Linux will follow, but macOS is where the architecture is being established. No abstraction layers between the code and the OS — what you build is what runs.
What You’ll Be Doing
- Design and implement core security components using modern C++ (C++17/20) across macOS system-level APIs and OS primitives
- Build and own macOS System Extensions and Network Extension framework integrations — the primary kernel boundary for the platform
- Develop security-sensitive code that interacts with macOS OS internals: processes, threads, memory, filesystems, IPC, and networking
- Design defensive mechanisms and hardening at the system level — components that hold up against real attacker tradecraft
- Reason about correctness, safety, and performance in multithreaded environments where failures are security failures
- Participate in cross-platform architecture decisions as Windows and Linux scope expands
What We Expect
Must-Have
- 5+ years of hands-on systems programming experience
- Strong C/C++ in security- or systems-oriented development — production quality, not academic
- Deep macOS internals expertise: System Extensions, Network Extension framework, process and memory model, IPC
- Solid understanding of macOS security architecture — TCC, SIP, entitlements, sandboxing
- Strong multithreading, synchronization, and concurrency — in environments where correctness is a security property
- Assembly-level understanding (x86 or ARM) sufficient to reason about system behavior
- Familiarity with exploit mitigations and defensive techniques (ASLR, DEP, CFG) from a defensive engineering perspective
- English B2+
Nice to Have
- Background in an antivirus, EDR, or endpoint security company — strong plus; the problem space is familiar, the ramp-up is shorter
- Kernel-level development experience on macOS or other platforms
- Cross-platform systems experience: Windows (WFP, kernel drivers) or Linux (eBPF, LSM)
- Experience with fuzzing, static/dynamic analysis, or vulnerability research
- Background in early-stage or deep-tech product environments
Why This Role Is Worth Your Time
- Early ownership of the macOS security layer — the architectural decisions you make now define the platform for all three OS targets
- Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes
- Deep OS-level work with meaningful technical stakes; no product management overhead between you and the hard problems