Senior Low-Level Security Engineer – Team Lead (macOS) | NXJ-164
Newxel
Posted: April 30, 2026
Job Description
The Role
The macOS security layer is where the product is being built right now — this Team Lead role owns it both technically and as the manager of the small team building it. You'll lead a focused group of Mac engineers, set the architectural direction for endpoint protection on macOS, and stay deeply hands-on in C/C++ at the OS level. Cross-platform follows; macOS is where the architecture is being established.
About the Product
A foundational endpoint security platform that operates deep in the OS — processes, memory, kernel boundaries, and network traffic. Cross-platform by design, macOS-first by current priority. The threat model is real-world attacker techniques; the engineering constraint is that defenses have to work at the system level without breaking the system.
The Stack: macOS as the primary development surface — System Extensions and Network Extension framework as the kernel boundary, Endpoint Security Framework (ESF), modern C++ (C++17/20) throughout. Defensive engineering against real attacker tradecraft. No abstraction layers between the code and the OS — what you build is what runs.
What You'll Be Doing
• Lead the design and development of low-level macOS security components in modern C++ (C++17/20) — both architecture decisions and personal contribution
• Drive the technical direction for endpoint protection on macOS — System Extensions, Network Extensions, ESF, exploit mitigations, hardening
• Build security-sensitive code that interacts with macOS internals: processes, memory, filesystem, IPC, networking
• Mentor and grow the macOS engineering team — code reviews, technical guidance, recruiting
• Reverse-engineer and analyze attacker techniques on macOS, then translate them into detection and prevention
• Reason about correctness, safety, and performance in multithreaded environments where failures are security failures
• Participate in cross-platform architecture decisions as Linux scope expands
What We Expect
Must-Have
• 7+ years of low-level systems or security engineering experience
• Proven leadership or mentorship — formal Team Lead or staff/senior with hands-on team influence
• Strong C/C++ in security- or systems-oriented production code
• Deep macOS internals: System Extensions, Network Extension framework, ESF, processes, memory, IPC
• Solid understanding of macOS security architecture — SIP, TCC, entitlements, code signing, sandboxing
• Strong multithreading, synchronization, and concurrency in security-critical environments
• Reverse engineering and low-level analysis (IDA / Ghidra / lldb)
• Assembly-level understanding (x86 or ARM)
• Familiarity with exploit mitigations (ASLR, DEP, CFG) from a defensive perspective
• English B2+
Nice to Have
• Background in an antivirus, EDR, or endpoint security product — particularly macOS-focused
• Kernel-level development experience on macOS
• Vulnerability research, fuzzing, or static/dynamic analysis
• Cross-platform systems experience: Linux (eBPF, LSM) or Windows (WFP, kernel drivers)
• Background in early-stage or deep-tech product environments
Why This Role Is Worth Your Time
• Technical and people leadership of the macOS security track — the architectural decisions you make now define the platform
• Real endpoint security problems: the threat model is attacker tradecraft, not compliance checkboxes
• Hands-on TL — not a people manager removed from the code; you design, build, and grow the team in parallel
• AI-first engineering culture — modern AI tooling integrated into daily engineering work