
Senior Windows Low-Level Engineer, (EPP/EDR) (JB-158)

Skills
  • C++ ꞏ 5y
  • C ꞏ 5y
  • Python
  • Windows OS design and internals ꞏ 5y
  • Windows low-level development in user-mode: API hooks ꞏ 5y
  • Windows low-level development in kernel-mode: minifilter driver ꞏ 5y
  • Unhooking… ꞏ 5y
  • tamper protection ꞏ 5y
  • registry ꞏ 5y
  • process ꞏ 5y
  • ntdll ꞏ 5y
  • infinity hook ꞏ 5y
  • indirect syscall ꞏ 5y
  • file system ꞏ 5y
  • evasion techniques ꞏ 5y
  • EDR DLL injection to running processes ꞏ 5y
  • dynamic malware detection ꞏ 5y
  • direct ꞏ 5y
  • Cyber security: post exploitation TTPs ꞏ 5y

About the group

Perlis Cyber Protection Labs is responsible for researching and developing innovative, breakthrough, product-oriented technologies for a range of cyber security products, including EDR/XDR, Threat Intelligence, Network Security and more.

About the team

The "Security Engineering" team is responsible for the research and implementation of security and monitoring tools for a variety of security devices (EDR, FW, NAC, etc.). Furthermore, the "Security Engineering" team is responsible for the research and development of advanced low-level monitoring capabilities for security purposes, such as agentless security for EPP.

Our disruptive security modules impact millions of Huawei customers around the globe and protect them from the most challenging cyber security threats, such as ransomware, crypto-miners, malicious scripts and more.

Job Description

Perlis Cyber Protection Labs is looking for a talented OS internals / Endpoint Protection (EPP) / Endpoint Detection and Response (EDR) developer to join our team and develop the Windows EDR agent.

You will join a team of OS internals and networking experts, working together with security researchers and data scientists, that researches and implements advanced, innovative cyber security capabilities.

Responsibilities

  • Research and analyze monitoring techniques that make use of OS functionality
  • Tackle complex cross-platform endpoint challenges
  • Measure and enhance the system and its stability as it grows rapidly
  • Build high-performance on-host data collection and detection mechanisms that require low-level programming and confronting OS-internals challenges
  • Design and guide the agent development under different performance constraints, such as response time, memory usage and disk space
  • Develop the EDR driver to consume notifications for system events such as file system, process creation, registry and network activity
  • Develop user-mode hooks to detect malicious behavior

Requirements

  • 5+ years in an EDR/EPP development position
  • 5+ years of experience in low-level programming development positions
  • 5+ years of experience in C/C++ development
  • In-depth experience with and understanding of Windows OS design and internals
  • 5+ years of experience with Windows low-level development in user-mode: API hooks, ntdll, EDR DLL injection into running processes
  • 5+ years of experience with Windows low-level development in kernel-mode: minifilter driver (file system, registry, process, tamper protection), infinity hook
  • 5+ years of experience in cyber security: post-exploitation TTPs, evasion techniques (direct/indirect syscall, Unhooking…), dynamic malware detection
  • Good communicator, people-oriented and a team player
  • Capable of leading research from an idea to a pre-production solution
  • Python – Advantage

Toga Networks