Monday, October 27, 2025

Job Description

Company

We are helping our client, a fast-growing cybersecurity SaaS provider founded in 2012, whose AI-powered, operation-centric platform combines endpoint protection, detection, and response capabilities (EDR, XDR), to detect, halt, and investigate cyber threats with advanced behavioral analytics. The company operates globally - including in Tokyo - and is known for its real-time security intelligence and innovative approach to combating sophisticated cyberattacks.

About the role

We are seeking a Senior Windows Internals Engineer to join their Endpoint team in Tokyo and play a key role in building the core technology behind the company’s Windows agent. You will design and implement low-level Windows components - from kernel drivers to user-mode services - that power our advanced threat detection and response capabilities. This is a high-impact role for engineers who are passionate about system-level programming, security, and building products that operate at scale.

Responsibilities

  • Design and develop low-level components for the Windows endpoint sensor, ensuring stability, performance, and stealth.
  • Build and maintain kernel drivers and user-mode services to collect, filter, and analyze endpoint telemetry.
  • Implement techniques for process/thread monitoring, registry tracking, file system interception, and network event visibility.
  • Debug complex issues in both kernel-mode and user-mode across different Windows versions.
  • Collaborate with security researchers, product managers, and platform engineers to translate threat intelligence into product features.
  • Conduct code reviews, mentor junior engineers, and participate in architecture design decisions.
  • Stay up to date with Windows internals, security trends, and advanced system programming practices.

Requirements

  • Bachelor’s degree in Computer Science, Software Engineering, or equivalent professional experience.
  • 5+ years of hands-on C++ development (C++11 or later).
  • Deep understanding of Windows internals: kernel architecture, system calls, memory management, and driver development.
  • Proven experience with kernel-mode development (e.g., Windows Drivers, Windows Filtering Platform, minifilters, ETW).
  • Strong debugging and reverse engineering skills (WinDbg, Process Monitor, Process Explorer, IDA Pro, Ghidra).
  • Familiarity with Windows security mechanisms: integrity levels, UAC, AppLocker, secure boot.
  • Experience with Visual Studio, Windows Driver Kit (WDK), and related environments.
  • Track record of building or contributing to endpoint security products (EDR, AV, EPP, etc.).
  • Familiarity with Windows telemetry, event logs, Sysmon, and ETW tracing.
  • Experience with malware analysis, exploit techniques, or SOC/DFIR workflows.
  • Scripting skills in PowerShell or Python for automation and testing.
  • Understanding of kernel-mode evasion techniques and defensive strategies.
  • Background in code signing, driver deployment, and secure update mechanisms.

What the company offers

  • Competitive salary and comprehensive benefits package.
  • Flexible working hours with remote work options.
  • Opportunities for professional growth and continuous learning.
  • A collaborative, innovative, and mission-driven team culture.

Full-time role. No sponsorship at the moment.

Job Application Tips

  • Tailor your resume to highlight relevant experience for this position
  • Write a compelling cover letter that addresses the specific requirements
  • Research the company culture and values before applying
  • Prepare examples of your work that demonstrate your skills
  • Follow up on your application after a reasonable time period
