Attack Team Lead – Offensive R&D & Windows Internals

🔹 Title: Attack Team Lead – Offensive R&D & Windows Internals📍 Locations (Hybrid): Tel Aviv (Sky Tower)👥 Reporting To: Engineering Group Manager🌟 Opportunity HighlightsWe are seeking a highly skilled and experienced Windows Internals Team Leader to lead a specialized attack team focused on developing offensive, production-ready attack capabilities. This is a research and development (R&D) role at the core of our offensive security efforts. You will be responsible for architecting and delivering advanced low-level attack components used in evasion techniques, red team tooling, and adversary simulations.

You will be hands-on in both leadership and development, guiding technical direction, mentoring engineers, and contributing code across kernel-mode and user-mode components.

🚀 The Impact You Will HaveLead the design, development, and deployment of production-grade offensive capabilities targeting Windows systemsDevelop low-level Windows components including kernel-mode code, user-mode loaders, and OS-level evasion mechanismsImplement Python bindings to connect native low-level components with Python-based research tools and automationDebug complex issues in both kernel and user space using tools such as WinDBG and KDResearch and develop bypass techniques for modern Windows security controlsCollaborate with the Research Team and other R&D stakeholders to implement and refine offensive conceptsProvide technical mentorship and drive engineering best practices within the team🧬 What Sets You ApartLeadershipProven experience as a Team Lead or Technical Lead in an offensive security or R&D environmentStrong ability to lead complex engineering efforts and mentor a highly technical teamExperience owning full R&D project lifecycles from concept through productionTechnical Expertise5+ years of hands-on experience in Windows Internals or kernel-mode development using C and C++3+ years of Python experience, especially for integrating with native modules and supporting research workflowsExperience developing stealthy and evasive attack components, including in-memory execution and user/kernel-mode toolingProficient in Windows debugging using WinDBG, KD, and similar toolsDeep knowledge of Windows APIs, security controls, and undocumented behaviors relevant to offensive securityFamiliarity with EDR evasion, API hooking, and direct system call manipulationPersonal AttributesPassionate about offensive security and deep technical researchSelf-motivated and capable of operating independently in high-trust environmentsCreative and methodical in problem solving, with a strong attention to detail💥 Even BETTER if you haveExperience with MITRE ATT&CK and implementing or simulating ATT&CK techniquesBackground in red teaming, adversary emulation, or APT simulationPrior contributions to offensive tooling or internal R&D platformsUnderstanding of modern threat actor TTPs and practical application in research environmentsJoin us to lead the development of real-world offensive capabilities at the intersection of advanced OS knowledge and cutting-edge security research.

👋 Who We AreSafeBreach is the leader in enterprise-grade exposure validation, providing the world’s largest brands with safe and scalable capabilities to understand, measure and remediate threat exposure and associated cyber risk. SafeBreach has had a landmark year so far, launching its new SafeBreach Exposure Validation Platform in February 2025, which combines breach and attack simulation (BAS) capabilities with attack path validation to provide enterprises with deeper insight into threat exposure and cyber risk.

The award-winning SafeBreach exposure validation platform combines pioneering breach and attack simulation and innovative attack path validation capabilities to help enterprise security teams measure and address security gaps at the perimeter and beyond. SafeBreach helps enterprises transform their security strategy from reactive to proactive safely and at scale. SafeBreach is a state-of-the-art thought leadership research team, with proven critical discoveries which include forty 0-day vulnerabilities in significant security solutions. We are regular speakers at the most important global cyber security conferences, with more than twenty main-stage talks at Black Hat and DEFCON conferences.

The best thing about SafeBreach? Definitely the people! SafeBreachers are friendly, collaborative, and hard working. Together, we've built an amazing culture, and we are looking to add more awesome people to our growing team!💰 What We OfferCompetitive salary and equity grantsHybrid flexibilityQuarterly recharge weekendsLearning & development stipendGenerous paid leave policies including flexible PTO and parental leave⏳ Interview ProcessAverage Duration: ~2-4 weeksKey StepsSend your applicationReceive a response from us within 5–7 daysIf SelectedIntro with the recruiterMeet the VP of ResearchMeet the hiring managerTake-home assignmentMeet the team at the officeMeet the CTOFinal StepsOffer & Onboarding!