Staff Malware Researcher / Detection Engineer - Linux

Staff Malware Researcher / Detection Engineer - Linux

At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats.

From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you.

What are we looking for?

We are seeking an experienced Staff (technical-leader level) malware researcher / detection engineer with expertise in Linux and / or cloud security domains. You should be capable of exploring new technologies, designing and developing innovative ideas from scratch, and driving new detection capabilities and infrastructure at scale for our products.

What will you do?

• Detect the latest malware and exploits using SentinelOne’s AI-powered Endpoint platform (EPP / EDR).
• Take end-to-end responsibility for behavior-based detection capabilities, including reversing samples, designing detection / prevention methods, and integrating solutions with engineering teams.
• Develop and utilize internal research tools, PoCs, and discover new methods to detect and prevent malicious techniques.
• Lead research efforts, design detection features / epics, mentor team members, and provide technical leadership. Collaborate with researchers, engineers, tech leads, architects, and product management.

Your work will enhance the security of numerous Linux endpoints and cloud workloads protected by our product, serving thousands of enterprise and public sector clients worldwide, and handling billions of events daily.

You are encouraged to write white papers, blogs, and articles if you wish.

• Write tests for new detections
• Conduct low-level security research
• Participate in peer code reviews and design reviews
• Learn new Linux and Cloud security technologies
• Support customers within your domain

What skills & knowledge should you bring?

• Experience in malware analysis (static and dynamic)
• Understanding of Linux and Containers threat landscape (including frameworks, MITRE IaaS)
• Proficiency in Linux OS architecture and internals
• Scripting experience in Python, Lua, or similar languages
• Solid knowledge of C++
• Preferred : reverse engineering of x86 / x64 binaries, understanding of Anti-Virus / Endpoint Protection internals, experience with eBPF, Cloud Workloads (EKS, ECS, Fargate), and production-grade deployment experience.

Why us?

Join us to face extraordinary challenges posed by emerging attacks and technological obstacles. Work with industry-leading professionals in a flexible, independent environment. Influence the design of disruptive products shaping the future of security.

What we offer you

• Flexible working hours; this is a 100% remote role within Italy. We consider only candidates already eligible to work in the EU. Relocation assistance is available for eligible candidates willing to move to the Czech Republic.
• Generous employee stock plan (RSUs), vesting over 4 years with a 1-year cliff.
• Yearly performance bonus, paid in two installments.
• Quadro benefits : private medical, life insurance, accident insurance, study funds, healthcare.
• Up to 30 paid days off annually, flexible time off.
• Global gender-neutral parental leave (16 weeks) & grandparent leave.
• Paid volunteering days and additional company holidays.
• Confidential counseling through the Employee Assistance Program.
• Access to Udemy Business, internal mentoring ('MentorOne'), and support for further education.

Additional country-specific benefits for Italy

SentinelOne is an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, gender identity, age, veteran status, disability, or other protected characteristics.

We participate in the E-Verify Program for all U.S. roles.

J-18808-Ljbffr