Product Security Researcher

Product Security Low-Level Researcher

We are looking for a Product Security Low-Level Researcher to lead deep technical research across operating systems, kernels, drivers, and low-level system components that form the foundation of modern enterprise platforms.

In this role, you will investigate complex attack surfaces, uncover subtle and high-impact vulnerabilities, and translate advanced research into practical security improvements. The position focuses on deep systems knowledge, hands-on experimentation, and original research beyond application-layer security.

Key Responsibilities

• Low-Level Vulnerability Research:
• Research and discover vulnerabilities in OS kernels, drivers, system services, virtualization layers, and other low-level components across execution and trust boundaries.
• Kernel & OS Internals Analysis:
• Analyze kernel subsystems such as memory management, scheduling, IPC, filesystems, and networking to identify design flaws, logic bugs, and exploitation paths.
• Exploit Development & Validation:
• Develop proof-of-concept exploits for kernel- and driver-level vulnerabilities to assess impact and guide mitigation strategies.
• Security Testing & Tooling:
• Design and build custom tooling for kernel fuzzing, syscall and interface testing, driver analysis, and low-level instrumentation.
• Cryptography & Trust Mechanisms:
• Review implementations of cryptographic primitives, key management, secure boot, attestation, and hardware-backed security features to identify weaknesses or misuse.
• System-Level Threat Modeling:
• Collaborate with platform engineers and security leadership to model threats across privilege boundaries, boot chains, isolation mechanisms, and OS integrations.
• Research & Knowledge Sharing:
• Track emerging kernel exploitation techniques and advanced threat tradecraft, contributing insights to internal guidelines, tooling, and long-term security strategy.

Qualifications:

• Strong understanding of operating system internals, kernel architectures, or driver development (Linux, Windows, macOS, or mobile operating systems).
• Hands-on experience with low-level programming in C/C++, Rust, or assembly; scripting experience (e.g., Python) for automation and tooling.
• Background in kernel vulnerability research, driver auditing, exploit development, or advanced reverse engineering.
• Deep familiarity with low-level vulnerability classes such as use-after-free, race conditions, logic flaws, privilege escalation, and sandbox or isolation bypasses.
• Experience with kernel debuggers, fuzzers, emulation, or virtualization-based analysis frameworks.
• Strong curiosity and research-driven mindset, with a passion for understanding systems at their lowest layers and challenging underlying assumptions.