Cyble is a cyber intelligence company that empowers organizations with darkweb & cybercrime monitoring and mitigation services.

About the Role:

We are seeking an experienced and passionate Linux Kernel Developer to join our EDR/XDR Agent/Sensor Development Team. The ideal candidate will have a minimum 6+ years of deep expertise in Linux internals, Linux Kernel Module (LKM) development, C/C++ programming, and a strong understanding of container technologies. You will be part of the EDR/XDR agent/sensor development team, responsible for building core components of our EDR/XDR agent/sensor that operates in both user-space and kernel-space, focusing on system monitoring, threat detection, and remediation within Linux environments, including containerised workloads.

What you’ll do at Cyble:

• Work alongside our senior lead kernel developers to design, develop, and maintain Linux Kernel Modules (LKMs) for various EDR/XDR modules.

• Write LKMs for device management capabilities like USB and Bluetooth device controls within Linux environments.

• Develop user-mode services that interface with kernel modules for event processing, policy enforcement, and interaction with container runtimes.

• Implement real-time remediation actions such as process termination, file deletion/quarantining, and system snapshot/restore functionalities.

• Debug and resolve kernel panics, race conditions, memory leaks, and performance bottlenecks in kernel and user-space components.

• Develop and enhance monitoring capabilities for containerized environments (e.g., Docker, Kubernetes), understanding interactions between the host and containers, and leveraging kernel features like namespaces and cgroups.

• Integrate with backend admin consoles using various integration methods and data exchange formats like JSON and Protobuf.

• Integrate with Threat Intelligence Systems and other downstream components.

• Collaborate with cross-functional teams (security analysts, product managers, QA) to translate detection use cases into scalable agent capabilities for Linux and container environments.   

       

What you’ll  Need:

• Strong proficiency in C and C++, including multithreading and synchronization primitives.
• Deep knowledge of Linux OS internals (e.g., process management, memory management, VFS, system call interface, scheduling, namespaces, cgroups).
• Experience in developing Linux Kernel Modules (LKMs); familiarity with frameworks like eBPF, kprobes, tracepoints, or Linux Security Modules (LSMs) is a plus.
• Strong understanding of Linux security architecture, process/thread management, file system architecture, and inter-process communication.
• Solid understanding of container technologies (e.g., Docker, Kubernetes, containerd, CRI-O) and their underlying kernel primitives.
• Experience in developing security solutions for containerized environments, including monitoring container activity and host-container interactions.
• Familiarity with monitoring frameworks and tools in Linux (e.g., Auditd, perf, ftrace, SystemTap).
• Hands-on experience implementing kernel hooks and callback mechanisms; strong experience in writing user-mode code interacting with kernel components.
• Experience writing components that perform YARA rule lookups.
• Experience with kernel telemetry pipelines (e.g., using eBPF, Auditd, or custom solutions).
• Proven experience writing kernel/user-mode hooks for events such as process creation/execution, library loading, file system changes, network activity, and device access (e.g., USB, Bluetooth).
• Proficiency in building remediation components for various threat categories.
• Familiarity with Linux debugging tools (e.g., GDB, KGDB, crash, ftrace, perf) and analyzing kernel panic dumps.
• Understanding of endpoint security concepts, including EDR/XDR product behavior.

Cyble offers

• A dynamic and collaborative work environment.
• Opportunities for learning and career growth.
• Mentorship from experienced developers to guide you in advancing your skills.

About Cyble:

Cyble is revolutionizing the landscape of cybersecurity intelligence. Founded in 2019, Cyble began as a visionary college project and has quickly transformed into a leading force in proactive cyber threat detection and mitigation, that is now globally significant, with people in 20 countries - Headquartered in Alpharetta, Georgia, and with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia and India.

Our mission is clear: to provide visibility, intelligence and cybersecurity protection using cutting-edge advanced technology, giving enterprises a powerful advantage. We democratize real-time intelligence about cyber threats and vulnerabilities, enabling organizations to take proactive measures and maintain robust cybersecurity. We strive to make the digital world a safer place for everyone.

At Cyble, artificial intelligence (AI) and innovation are central to all operations, with a commitment to continuous improvement and excellence in both products and business practices. Cyble values inclusivity, offering team members autonomy and flexibility to balance their professional and personal lives. Cyble fosters a culture where employees voices are heard, contributions are recognized, and everyone is encouraged to be part of something extraordinary. To learn more about Cyble, visit www.cyble.com

Our SaaS-based enterprise platform collects intelligence data in real-time across open and closed sources. This enables you to map, monitor, and mitigate your digital risk footprint.

Through a combination of our industry-leading Machine Learning capabilities and our peerless Human Analytics, we deliver actionable threat intel well before your organization is at risk.