Windows Malware Researcher / Detection Engineer - Senior or Staff

As a Senior/Staff Windows Detection Engineer you will help shape the future of endpoint security through a unified, converged platform that automatically prevents, detects, and responds to threats in real time. You will design and develop advanced Windows detections by combining deep system process inspection, behavioral analysis, and innovative machine learning techniques to identify and stop sophisticated attacks before they cause harm.

You will join a growing team of passionate security experts and technical leaders who think differently, challenge assumptions, and constantly explore new ways to outsmart adversaries. In this role, you will hunt for emerging threats, solve complex security problems, and deliver high-impact detection capabilities with speed and precision.

What will you do?

Primary responsibilities include:

• You will be responsible for detecting the newest malware and exploits based on SentinelOne’s Endpoint Protection platform. Your role won’t end with a hypothesis or a document - you’ll have an end to end responsibility for behaviour-based detection capabilities, starting from reversing the samples, designing new methods to detect or prevent those, and implementing it in the product in the end (SW development in C++23 and scripting in Lua).
• You will be developing and using internal research tools, PoCs and discovering new ways to detect/prevent exploitation attacks (EoP, drive-by attacks and more).
• At the end of the day, your deliveries will enhance the security of dozens of millions of Windows endpoints which are protected by our platform.

What experience or knowledge should you bring?

Ideal candidates will have:

• Proven experience with reverse engineering of x86/x64/ARM binaries
• Several years of experience in malware analysis (statically and dynamically)
• Several years of experience with C++
• Excellent understanding of the Windows Internals - understanding how core system components (Process and Threads, Virtual Memory and more) work behind the scenes
• Experienced with analysis tools, such as: IDA, WinDBG, SysInternals etc.
• An advantage would be - kernel development experience, Python experience, and/or understanding of existing AVs internals

Why SentinelOne? 

AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.

We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:

• Enjoy flexible hybrid work in Prague (Karlin), Brno (Clubco), or remotely across CZ/SK. Only Prague-based employees are required to work from the office at least two days per week.
• Stock & Bonuses: Grant of Restricted Stock Units with a 4-year vesting plan, annual performance-based bonuses, and an employee stock purchase plan.
• Time Off & Well-being: Flexible Time Off, on top of the standard 5 weeks vacation, flexible paid sick days, fully paid Short Term Sick/Nursing Leave, 16-week parental leave, grandparent leave, and additional company holidays.
• Insurance & Health: Pension Insurance Contribution, Premium life insurance, Private medical care (for you and +1), and a Global Employee Assistance Program.
• Work Perks: Monthly meal and well-being allowance, high-end MacBook/Windows laptop, work-from-home support, and in-office refreshments.
• Growth & Community: LinkedIn Learning, internal mentoring, educational support, generous referral bonuses, and optional company events (sports, BBQs, charity).

Be part of an inclusive, innovative workplace that values belonging, flexibility, and growth!