Security Engineer (MacOS)

About The Position

Requirements

• Deep expertise in macOS operating system internals and kernel security architecture (XNU kernel, process/thread/memory management, Mach messaging, security frameworks, undocumented behavior)
• Strong background in offensive security or threat research: practical understanding of exploitation techniques, malware behavior, and attacker tradecraft
• Experience with macOS kernel instrumentation and telemetry systems (Endpoint Security Framework, Network Extensions, kernel event tracing, or kernel extension development)
• Systems research mindset: ability to reverse-engineer complex systems, investigate undocumented behaviors, and architect data collection pipelines
• Proven ability to dissect and analyze adversary techniques through malware reverse engineering, threat intelligence analysis, or incident response
• Strong analytical and threat modeling skills: hypothesis-driven investigation, attack scenario contemplation, security architecture analysis
• Ability to communicate complex security and systems concepts to both executive and highly technical audiences
• Comfortable in fast-paced startup environments with evolving research priorities

Nice To Haves

• Prior experience in enterprise security research, particularly with endpoint security products (EDR/XDR platforms) or security instrumentation
• Vulnerability research and exploit development background (deep practical understanding of macOS exploitation primitives and attack techniques)
• Published security research: conference talks (Black Hat, DEFCON, REcon), blog posts, open-source security tooling, or CVE discoveries
• Hands-on experience with adversary emulation, red teaming, or purple teaming using frameworks like Sliver, custom tooling, or atomic red team
• Deep expertise in specific macOS attack surfaces: process injection techniques, TCC bypass, credential access, defense evasion, persistence mechanisms
• Experience with low-level macOS telemetry: kernel debugging, DTrace/Instruments profiling, kernel extension development, or rootkit analysis
• Systems programming experience (Rust, C, C++, Objective-C, Swift) helpful for prototyping instrumentation or collaborating with engineering, but not primary job function
• Background in malware reverse engineering: analysis of macOS malware, ransomware, or sophisticated evasion techniques

Responsibilities

• Architect macOS telemetry pipelines: design and validate new instrumentation points (Endpoint Security Framework, Network Extensions, kernel tracing, performance counters) for endpoint observability
• Dissect adversary tradecraft: reverse-engineer attacker techniques through malware analysis, threat intelligence, and real-world incident investigation
• Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and macOS systems to identify telemetry and detection gaps
• Define security event ontology: establish semantic models for system behaviors, attack patterns, and forensic artifacts that drive detection logic
• Perform systems research on macOS internals: investigate kernel security mechanisms, undocumented APIs, and low-level system behaviors relevant to security observability
• Validate telemetry coverage through adversary emulation: build and execute attack simulations to verify observability completeness and detection accuracy
• Collaborate with engineering to translate research into production: provide technical requirements for telemetry collection, data schemas, and detection implementations
• Stay current with offensive security research: monitor vulnerability disclosures, exploitation techniques, and emerging macOS attack surfaces

Benefits

• generous healthcare
• flexible PTO
• home-office support