Job Description

ThreatLocker® is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker® platform with Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions are leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities.

We are seeking a Windows Kernel Driver Engineer with extensive experience in filter driver development and Windows system internals to join our cybersecurity product team. In this role, you will build and maintain critical kernel-mode components that power next-generation threat detection, prevention, and response capabilities on Windows systems. The role will be based in Orlando, FL and is an in-office position.

JOB SCOPE

The Kernel Developer will be responsible for, but not limited to:

• Design and develop kernel-mode filter drivers (file system minifilter, registry filter, network filter, etc.) to support security monitoring and enforcement.
• Investigate and reverse-engineer Windows internals to implement low-level security features and bypass-resistant protections.
• Collaborate with the threat research, detection, and user-mode engineering teams to develop scalable and stealthy security solutions.
• Perform in-depth kernel debugging, crash dump analysis, and performance tuning using WinDbg, ETW, and related tools.
• Develop robust, secure, and maintainable driver code that meets Microsoft's signing and certification standards.
• Monitor Windows platform changes to ensure compatibility and stability across OS versions.

REQUIRED QUALIFICATIONS

• 5+ years of hands-on experience writing Windows kernel-mode drivers, particularly filter drivers.
• Expert knowledge of Windows system internals (memory management, I/O subsystem, object manager, etc.).
• Proficiency in C/C++, Windows Driver Kit (WDK), and kernel debugging tools.
• Experience in the cybersecurity domain, especially endpoint protection, EDR, anti-malware, or kernel-level monitoring.
• Solid understanding of code injection techniques, hooking, kernel-mode exploits, and mitigation strategies.
• Strong problem-solving skills and a security-first engineering mindset.

PREFERRED QUALIFICATIONS

• Experience with malware analysis, reverse engineering, or rootkit detection.
• Familiarity with Windows kernel threat models and secure coding practices.
• Exposure to Microsoft kernel-mode signing, WHQL, and driver submission processes
• Contributions to the infosec community (research, publications, open-source projects, talks)

WORKING CONDITIONS

The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.

• Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
• While performing duties of this job, would occasionally require to stand, walk, sit, reach with hands and arms, climb or balance, stoop or kneel, talk and hear, and use fingers and hands to feel objects and tools.
• Must occasionally lift and/or move up to 25 pounds.
• Specific vision abilities required include close vision, distance vision, depth perceptions, and the ability to adjust focus.

A background check and drug/substance screening are required after a conditional offer. Employment will proceed only upon receiving clear results from both.

ThreatLocker also conducts randomized drug and substance testing approximately every 60 days, in line with the same screening standards.