Malware Researcher / Detection Engineer - Linux

Malware Researcher / Detection Engineer - Linux

Join to apply for the Malware Researcher / Detection Engineer - Linux role at SentinelOne.

About Us

At SentinelOne, we’re redefining cybersecurity by leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats. We build industry-leading products and cultivate an exceptional company culture, guided by core values. We seek passionate individuals who thrive in collaborative environments and are eager to make an impact. If you enjoy solving complex challenges in bold, innovative ways, we’d love to connect with you.

What are we looking for?

We are looking for a talented malware researcher / detection engineer with experience in Linux and/or cloud security. You should be capable of exploring new technologies, designing and developing innovative ideas from scratch, and driving detection capabilities and infrastructure at scale.

What will you do?

1. Detect new malware and exploits using SentinelOne’s AI-powered Endpoint platform (EPP / EDR).
2. Take end-to-end responsibility for behavior-based detection, including reversing samples, designing detection/prevention methods, and integrating solutions with engineering teams.
3. Develop and utilize internal research tools, PoCs, and discover new detection/prevention techniques.

Your work will enhance security across Linux endpoints and cloud workloads protected by our product, serving thousands of users globally and processing billions of events daily. You are encouraged to write white papers, blogs, and articles if you wish.

• Detection development
• Writing tests for new detections
• Conducting low-level security research
• Participating in peer code reviews and design reviews
• Learning new Linux and Cloud security technologies
• Supporting customers within your domain

Skills & Knowledge Needed

• Experience with reverse engineering x86/x64 binaries
• Malware analysis (static and dynamic)
• Understanding of Linux and container threat landscape (MITRE IaaS, frameworks)
• Proficiency in Linux OS internals (processes, memory, etc.)
• Scripting skills in Python, Lua, or similar
• Solid knowledge of C++
• Preferred: understanding of Anti-Virus/Endpoint Protection internals, eBPF, Cloud workloads (EKS, ECS, Fargate), and experience with large-scale production products

Why us?

Work on the latest attacks and technological challenges with industry leaders in a flexible, independent environment. Influence the design of disruptive security products shaping the industry of tomorrow.

What We Offer

• Remote work within Spain, with flexible hours and optional coworking memberships
• Eligibility to work in the EU required; relocation assistance available for candidates eligible to work in the EU willing to move to the Czech Republic
• Employee stock plan (RSUs), 4-year vesting, 1-year cliff
• Yearly performance bonus, paid in two installments
• 30 days paid leave, flexible sick days
• Pension, life, and medical/dental insurance
• Monthly allowances for meals, transport, and home office
• Parental leave (16 weeks), grandparent leave, volunteering days, additional holidays
• Employee assistance program, training platform (Udemy)
• Referral bonuses

Additional Benefits for Spain

SentinelOne is an Equal Opportunity Employer. We do not discriminate based on race, religion, gender, age, disability, or other protected characteristics. We participate in the E-Verify program for U.S. roles.

Employment Details

• Full-time
• Position in IT / Security industry
• Seniority level: Not applicable

Referrals can double your chances of interviewing. Apply now to join SentinelOne’s innovative team.