Cyble

Windows Agent Developer

Atlanta, GA, US Full-time

About the Role:

We are seeking an experienced and passionate Windows Kernel Developer to join our EDR/XDR Agent/Sensor Development Team. The ideal candidate will have deep expertise in Windows internals, kernel-mode driver development, and C/C++ programming. As part of the EDR/XDR agent/sensor development team, you will be responsible for building core components of our EDR/XDR agent/sensor that operate in both user mode and kernel mode, focusing on system monitoring, threat detection, and remediation.

What you’ll Do at Cyble:

  • Work alongside our senior lead kernel developers to design, develop, and maintain Windows kernel-mode drivers for various EDR/XDR modules.
  • Write Windows kernel-mode drivers for device management capabilities such as USB and Bluetooth device controls.
  • Develop user-mode services that interface with kernel drivers for event processing and policy enforcement.
  • Implement real-time remediation actions such as terminate, delete/quarantine, and take and restore system snapshots.
  • Debug and resolve BSODs, race conditions, memory leaks, and performance bottlenecks.
  • Integrate with the backend admin console using different integration methods and data exchange formats such as JSON and Protobuf.
  • Integrate with Threat Intelligence Systems and other downstream components.
  • Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities.

What you’ll Need:

  • Strong proficiency in C and C++, including multithreading and synchronization primitives.
  • Deep knowledge of Windows OS internals (kernel objects, memory management, I/O Manager, IRP lifecycle).
  • Experience in developing WDM, KMDF, or Minifilter drivers.
  • Strong understanding of Windows security architecture, process/thread management, file system architecture, and Registry internals.
  • Familiarity with monitoring frameworks
  • Hands-on experience implementing kernel hooks and callback mechanisms, and strong experience writing user-mode code.
  • Experience writing components that perform YARA rule lookups, and experience with ETW, Sysmon, and kernel telemetry pipelines.
  • Experience writing kernel/user-mode hooks for any or all of these events: process, library, file system changes, registry changes, and device hooks such as USB and Bluetooth access controls.
  • Proficiency in building remediation components for various threat categories.
  • Familiarity with debugging tools and techniques such as WinDbg, Driver Verifier, and Blue Screen analysis.
  • Understanding of endpoint security concepts, including EDR/XDR product behaviour.

 Cyble offers:

  • A dynamic and collaborative work environment.
  • Opportunities for learning and career growth.
  • Mentorship from experienced developers to guide you in advancing your skills.

 About Cyble:

Cyble is revolutionizing the landscape of cybersecurity intelligence. Founded in 2019, Cyble began as a visionary college project and has quickly transformed into a leading, globally significant force in proactive cyber threat detection and mitigation, with people in 20 countries. It is headquartered in Alpharetta, Georgia, with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia and India.

Our mission is clear: to provide visibility, intelligence and cybersecurity protection using cutting-edge advanced technology, giving enterprises a powerful advantage. We democratize real-time intelligence about cyber threats and vulnerabilities, enabling organizations to take proactive measures and maintain robust cybersecurity. We strive to make the digital world a safer place for everyone.

At Cyble, artificial intelligence (AI) and innovation are central to all operations, with a commitment to continuous improvement and excellence in both products and business practices. Cyble values inclusivity, offering team members autonomy and flexibility to balance their professional and personal lives. Cyble fosters a culture where employees' voices are heard, contributions are recognized, and everyone is encouraged to be part of something extraordinary. To learn more about Cyble, visit www.cyble.com.

 

 

🚀 Y Combinator Company Info

Y Combinator Batch: W21
Team Size: 260 employees
Industry: B2B Software and Services -> Security
Company Description: Cyble - World’s First Intelligence-Driven, AI-Native Security…

💰 Compensation

Salary Range: $4,000,000 - $6,000,000

📋 Job Details

Job Type: Full-time
Experience Level: 3+ years
Engineering Type: Embedded systems

🛠️ Required Skills

C, C++, Windows