Senior Product Security Low-Level Researcher

Description:

We’re a team of hungry, high-character professionals from all backgrounds who came together to reinvent work for the modern enterprise.And we’re always looking for world-class human beings (not resumes) to join the movement.

Island, the Enterprise Browser is the ideal enterprise workplace where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect.

As a Product Security Low-Level Researcher at Island, you will focus on deep technical research across operating systems, kernels, drivers, and low-level system components that underpin modern enterprise computing. You will investigate complex attack surfaces, uncover subtle and high-impact vulnerabilities, and translate cutting-edge research into practical security improvements for Island’s platform. This role emphasizes deep systems knowledge, hands-on experimentation, and original research that pushes beyond application-layer security.

Key Responsibilities:

• Low-Level Vulnerability Research: Research and discover vulnerabilities in operating system kernels, drivers, system services, virtualization layers, and low-level system components relevant to Island’s execution and trust boundaries.
• Kernel & OS Internals Analysis: Analyze kernel subsystems (memory management, scheduling, IPC, filesystems, networking) and OS security primitives to identify design flaws, logic bugs, and exploitation opportunities.
• Exploit Development & Validation: Develop proof-of-concept exploits for kernel- and driver-level issues to validate impact, assess exploitability, and inform mitigation strategies.
• Security Testing & Tooling: Design and build custom tooling for kernel fuzzing, syscall/interface testing, driver analysis, and low-level instrumentation across supported platforms.
• Cryptography & Trust Mechanisms: Assess the implementation and usage of cryptographic primitives, key management, secure boot, attestation, and hardware-backed security features, identifying weaknesses or misuse patterns.
• Threat Modeling at the System Level: Collaborate with architects, platform engineers, and the Product Security Lead to model threats across privilege boundaries, boot chains, isolation mechanisms, and OS-level integrations.
• Research Enablement & Knowledge Sharing: Track emerging exploitation techniques, kernel research, and advanced persistent threat tradecraft; contribute findings to internal playbooks, design guidance, and long-term security strategy.

• Strong understanding of operating system internals, kernel architectures, or driver development (Linux, Windows, macOS, or mobile OSes).
• Hands-on experience with low-level programming in C/C++, Rust, or assembly; scripting experience (e.g., Python) for tooling and automation.
• Background in kernel vulnerability research, driver auditing, exploit development, or advanced reverse engineering.
• Deep familiarity with low-level vulnerability classes (e.g., UAF, race conditions, logic bugs, privilege escalation, sandbox and isolation bypasses).
• Experience with kernel debuggers, fuzzers, emulation, or virtualization-based analysis frameworks.
• Strong curiosity and research mindset, with a passion for understanding systems at their lowest layers and breaking assumptions they rely on.