Windows Internals Team Leader

Tel Aviv-Yafo, Tel Aviv District, IL

SafeBreach

SafeBreach provides the leading exposure validation platform, combining breach and attack simulation with attack path validation.

View all jobs at SafeBreach

Apply now Apply later

Description

🔹 Title: Windows Internals Team Leader

📍 Locations (Hybrid): Tel Aviv (Sky Tower)

👥 Reporting To: CTO

🌟 Opportunity Highlights

We are seeking a highly skilled and experienced Windows Internals Team Leader to lead a specialized team focused on developing offensive, production-ready attack capabilities. This is a research and development (R&D) role at the core of our offensive security efforts. You will be responsible for architecting and delivering advanced low-level attack components used in evasion techniques, red team tooling, and adversary simulations.

You will be hands-on in both leadership and development, guiding technical direction, mentoring engineers, and contributing code across kernel-mode and user-mode components.

🚀 The Impact You Will Have

  • Lead the design, development, and deployment of production-grade offensive capabilities targeting Windows systems
  • Develop low-level Windows components including kernel-mode code, user-mode loaders, and OS-level evasion mechanisms
  • Implement Python bindings to connect native low-level components with Python-based research tools and automation
  • Debug complex issues in both kernel and user space using tools such as WinDBG and KD
  • Research and develop bypass techniques for modern Windows security controls
  • Collaborate with the Research Team and other R&D stakeholders to implement and refine offensive concepts
  • Provide technical mentorship and drive engineering best practices within the team

Requirements

🧬 What Sets You Apart

Leadership

  • Proven experience as a Team Lead or Technical Lead in an offensive security or R&D environment
  • Strong ability to lead complex engineering efforts and mentor a highly technical team
  • Experience owning full R&D project lifecycles from concept through production


Technical

  • 5+ years of hands-on experience in Windows Internals or kernel-mode development using C and C++
  • 3+ years of Python experience, especially for integrating with native modules and supporting research workflows
  • Experience developing stealthy and evasive attack components, including in-memory execution and user/kernel-mode tooling
  • Proficient in Windows debugging using WinDBG, KD, and similar tools
  • Deep knowledge of Windows APIs, security controls, and undocumented behaviors relevant to offensive security
  • Familiarity with EDR evasion, API hooking, and direct system call manipulation


Personal Attributes

  • Passionate about offensive security and deep technical research
  • Self-motivated and capable of operating independently in high-trust environments
  • Creative and methodical in problem solving, with a strong attention to detail


💥 Even BETTER if you have

  • Experience with MITRE ATT&CK and implementing or simulating ATT&CK techniques
  • Background in red teaming, adversary emulation, or APT simulation
  • Prior contributions to offensive tooling or internal R&D platforms
  • Understanding of modern threat actor TTPs and practical application in research environments

Join us to lead the development of real-world offensive capabilities at the intersection of advanced OS knowledge and cutting-edge security research.


👋 Who We Are

SafeBreach is the leader in enterprise-grade exposure validation, providing the world’s largest brands with safe and scalable capabilities to understand, measure and remediate threat exposure and associated cyber risk.

SafeBreach has had a landmark year so far, launching its new SafeBreach Exposure Validation Platform in February 2025, which combines breach and attack simulation (BAS) capabilities with attack path validation to provide enterprises with deeper insight into threat exposure and cyber risk.

The award-winning SafeBreach exposure validation platform combines pioneering breach and attack simulation and innovative attack path validation capabilities to help enterprise security teams measure and address security gaps at the perimeter and beyond. SafeBreach helps enterprises transform their security strategy from reactive to proactive safely and at scale.

SafeBreach is a state-of-the-art thought leadership research team, with proven critical discoveries which include forty 0-day vulnerabilities in significant security solutions.

We are regular speakers at the most important global cyber security conferences, with more than twenty main-stage talks at Black Hat and DEFCON conferences.

The best thing about SafeBreach? Definitely the people! SafeBreachers are friendly, collaborative, and hard working. Together, we've built an amazing culture, and we are looking to add more awesome people to our growing team!

💰 What We Offer

  • Competitive salary and equity grants
  • Hybrid flexibility
  • Quarterly recharge weekends
  • Learning & development stipend
  • Generous paid leave policies including flexible PTO and parental leave

Interview Process

Average Duration: ~2-4 weeks

Key steps:

  1. Send your application
  2. Receive a response from us within 5–7 days


If selected:

  1. Intro with the recruiter
  2. Meet the CTO
  3. Take-home assignment
  4. Meet the team at the office
  5. Final Steps
  6. Offer & Onboarding!
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0
Category: Leadership Jobs

Tags: APIs APT Automation C EDR MITRE ATT&CK Offensive security Python R&D Red team Security strategy Strategy TTPs Vulnerabilities WinDbg Windows Zero-day

Perks/benefits: Competitive pay Conferences Equity / stock options Flex hours Flex vacation Home office stipend Parental leave

Region: Middle East
Country: Israel

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.