Senior Low-Level Security Engineer – Team Lead (Linux) | NXJ-165

The Role

This is the first Linux Team Lead hire on the platform — you'll set the technical direction for Linux endpoint security, build the team from the ground up, and stay deeply hands-on in C/C++ at the kernel boundary. The Linux track is being established now; the architectural decisions are yours.

About the Product

A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.

The Stack: Linux as the primary development surface for this track — eBPF for tracing and security enforcement, kernel modules where deeper integration is needed, LSM hooks (SELinux / AppArmor / BPF-LSM), netfilter, namespaces and cgroups. Modern C++ (C++17/20) throughout. Defensive engineering against real attacker tradecraft.

What You'll Be Doing

• Lead the design and development of low-level Linux security components in modern C++ (C++17/20) — both architecture decisions and personal contribution

• Drive the technical direction for endpoint protection on Linux — eBPF programs, kernel modules, LSM integration, netfilter hooks, container isolation primitives

• Build security-sensitive code that interacts with Linux internals: processes, memory, VFS, IPC, networking, namespaces, cgroups

• Hire, mentor, and grow the Linux engineering team — code reviews, technical guidance, recruiting

• Reverse-engineer and analyze attacker techniques on Linux, then translate them into detection and prevention

• Reason about correctness, safety, and performance in multithreaded environments where failures are security failures

• Participate in cross-platform architecture as macOS and Windows scopes evolve

What We Expect

Must-Have

• 7+ years of low-level systems or security engineering experience

• Proven leadership or mentorship — formal Team Lead or staff/senior with hands-on team influence

• Strong C/C++ in security- or systems-oriented production code

• Deep Linux kernel internals: kernel architecture, system calls, VFS, networking stack, memory model

• Hands-on eBPF programming experience (tracing, security enforcement, network filtering)

• Kernel modules development

• LSM hooks (SELinux, AppArmor, BPF-LSM) or netfilter / iptables integration

• Namespaces, cgroups, and container isolation primitives

• Strong multithreading, synchronization, and concurrency in security-critical environments

• Reverse engineering and low-level analysis (IDA / Ghidra / GDB)

• Assembly-level understanding (x86 or ARM)

• Familiarity with exploit mitigations (ASLR, DEP, CFG) from a defensive perspective

• English B2+

Nice to Have

• Background in an antivirus, EDR, or endpoint security product — particularly Linux-focused (Falcon, Aqua, Sysdig, Datadog CWP, etc.)

• Kernel vulnerability research, fuzzing, or static/dynamic analysis

• seccomp, AppArmor profile authoring, or other Linux hardening primitives

• Cross-platform systems experience: macOS (ESF, System Extensions) or Windows (WFP, kernel drivers)

• Background in early-stage or deep-tech product environments

Why This Role Is Worth Your Time

• First Linux TL hire — you set the architectural direction, build the team, and own the track end-to-end

• Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes

• Hands-on TL — not a people manager removed from the code; you design, build, and grow the team in parallel

• AI-first engineering culture — modern AI tooling integrated into daily engineering work