Linux Security Researcher

Tel Aviv-Yafo, Tel Aviv District, Israel

SentinelOne

SentinelOne unifies endpoint, cloud, identity, and data security, enriched by our Security Data Lake for seamless and efficient cybersecurity.

About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. 

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

What We Are Looking For:

We are looking for talented Linux and container researchers: people who love Kernel and low level research; people who live to beat the system and challenge it; and people who are in pursuit of outsmarting malware and overcoming it. If you’re doing CTFs all day long, we’re looking for you.

We’re looking for information security researchers who are experts in the Linux world and want to take the detections in both Linux servers/endpoints and containers to a whole new level. This person will be part of challenging, innovative, and impactful research projects that will improve our protection and detection in Linux environments. The candidate will get an opportunity to research in new domains, innovate, and help build a world-class product.

Why Choose Us?

Because you will meet extraordinary challenges facing the newest malware and tech obstacles and overcome them. You will take on a major role in improving our threat detection engines and algorithms from the early stages and help bring them into production. You will analyze the threat landscape of multiple Linux and container environments, from on-prem networks to the cloud. You will solve low-level Linux engineering problems; research malware, TTPs, and vulnerabilities; build better endpoint detection; and analyze our detection engines and design new ones. You will be responsible for reversing the newest malware and exploits and designing methods to detect malware types using OS monitoring, extensive user data, and an in-house malware instrumentation lab.

You will be developing and using internal research tools and frameworks, creating POCs, and inventing ways to prevent exploitation of a wide range of attacks (stack pivots, use after free, etc.). You will explore Linux and container internals daily and learn how different subsystems really work. You will also explore exploitation methods that are unique to cloud environments. You will also be encouraged to write white papers, blogs, and articles (but only if you are interested), and to research other domains, like Windows and macOS.

What experience or knowledge should you bring?

  • 5+ years of experience in cyber security research
    • Deep reverse engineering experience.
    • Extensive familiarity with the Linux malware world (how the malware operates, infamous families).
    • Understanding of existing AV software internals - Advantage.
  • Experience with:
    • C/C++ development.
    • Linux inner workings and Linux internals (including but not limited to IPC, user interaction, kernel tracing)
      • Security in Linux
    • Scripting languages (Python, Bash, etc.)
    • Containers (K8s, Docker, etc.)
    • Cloud workloads (EKS, ECS, Fargate, etc.) - Advantage
    • macOS - Advantage
  • A problem-solver type of person
  • Independent - capable of learning new topics alone and working independently.
  • Team player - the job will require you to coordinate and collaborate on your work with other entities in the company.

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 

Tags: Bash C Cloud Docker Exploits Kubernetes Linux MacOS Malware Monitoring POCs Python Reverse engineering Scripting Threat detection TTPs Vulnerabilities Windows XDR

Perks/benefits: Career development Startup environment Transparency

Region: Middle East
Country: Israel
Category: Research Jobs