
Security Engineer Windows

Prelude

Remote

USD 150,000 - 240,000

Full time

16 days ago


Job summary

A security technology firm is seeking a talented Security Engineer to enhance Windows security research and telemetry architecture. This role focuses on architecting telemetry pipelines and analyzing adversary behaviors. Candidates should possess deep expertise in Windows internals and threat research. The position supports a fully remote work environment within the US and Canada, with generous benefits and a commitment to quality. Compensation ranges from $150K to $240K.

Benefits

Generous healthcare
Flexible PTO
Home-office support

Qualifications

  • Expertise in kernel security architecture and low-level behaviors.
  • Ability to reverse-engineer adversary techniques through malware analysis.
  • Experience validating telemetry coverage through attack simulations.

Responsibilities

  • Architect Windows kernel telemetry pipelines for observability.
  • Dissect adversary tradecraft through threat intelligence.
  • Conduct analysis of attack vectors against enterprise software.

Skills

Deep expertise in Windows operating system internals
Strong background in offensive security or threat research
Experience with Windows system telemetry
Strong analytical and threat modeling skills
Ability to communicate complex concepts
Systems research mindset

Job description

About Origin By Prelude

Origin is building the next generation of endpoint security for the Semantic Era. As AI agents and LLMs fundamentally change how humans interface with computers, legacy signature‑based defenses are failing. We are pioneering a new approach – moving from "known bad" detection to "contextual intent" understanding – to ensure enterprises can safely adopt the productivity of AI without risk. Our platform monitors and protects some of the most important organizations in the world. We are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms.

Role

Origin is seeking a Security Engineer to drive Windows security research and telemetry architecture. This is a research and systems security role focused on observability pipelines, dissecting adversary tradecraft, and defining defensive strategies through deep systems understanding. You will architect telemetry collection from the Windows kernel, analyze adversary behavior in real‑world enterprise environments, and research attack scenarios to identify gaps in our observability coverage. As the Windows subject matter expert, you will work at the intersection of systems research (instrumentation, performance analysis, data pipelines) and security research (adversary emulation, attack surface analysis, threat modeling). You'll collaborate with engineering to implement your research findings, but your primary focus is research, tradecraft analysis, and security architecture, not software engineering. You'll work with sophisticated telemetry infrastructure and help shape the technical direction of our endpoint observability platform.

Responsibilities

  • Architect Windows kernel telemetry pipelines: design and validate new instrumentation points (ETW providers, kernel callbacks, performance counters) for endpoint observability
  • Dissect adversary tradecraft: reverse‑engineer attacker techniques through malware analysis, threat intelligence, and real‑world incident investigation
  • Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and Windows systems to identify telemetry and detection gaps
  • Define security event ontology: establish semantic models for system behaviors, attack patterns, and forensic artifacts that drive detection logic
  • Perform systems research on Windows internals: investigate kernel security mechanisms, undocumented APIs, and low‑level system behaviors relevant to security observability
  • Validate telemetry coverage through adversary emulation: build and execute attack simulations to verify observability completeness and detection accuracy
  • Collaborate with engineering to translate research into production: provide technical requirements for telemetry collection, data schemas, and detection implementations
  • Stay current with offensive security research: monitor vulnerability disclosures, exploitation techniques, and emerging Windows attack surfaces

Skills & Experience

  • Deep expertise in Windows operating system internals and kernel security architecture (process/thread/memory management, kernel callbacks, security subsystems, undocumented behavior)
  • Strong background in offensive security or threat research: practical understanding of exploitation techniques, malware behavior, and attacker tradecraft
  • Experience with Windows system telemetry
  • Systems research mindset: ability to reverse‑engineer complex systems, investigate undocumented behaviors, and architect data collection pipelines
  • Proven ability to dissect and analyze adversary techniques through malware reverse engineering, threat intelligence analysis, or incident response
  • Strong analytical and threat modeling skills: hypothesis‑driven investigation, attack scenario contemplation, security architecture analysis
  • Ability to communicate complex security and systems concepts to both executive and highly technical audiences
  • Comfortable in fast‑paced startup environments with evolving research priorities

Nice to Haves

  • Prior experience in enterprise security research, particularly with endpoint security products (EDR/XDR platforms) or security instrumentation
  • Vulnerability research and exploit development background (deep practical understanding of Windows exploitation primitives and attack techniques)
  • Published security research: conference talks (Black Hat, DEFCON, REcon), blog posts, open‑source security tooling, or CVE discoveries
  • Hands‑on experience with adversary emulation, red teaming, or purple teaming using frameworks like Cobalt Strike, custom tooling, or atomic red team
  • Deep expertise in specific Windows attack surfaces: memory injection techniques, process/thread manipulation, credential access, defense evasion, persistence mechanisms
  • Experience with low‑level Windows telemetry: hardware performance monitoring (PMC, LBR, Intel PT), kernel debugging, driver development, or rootkit analysis
  • Systems programming experience (Rust, C, C++) helpful for prototyping instrumentation or collaborating with engineering, but not primary job function
  • Background in malware reverse engineering: analysis of APT malware, ransomware, or sophisticated evasion techniques

Working at Origin

Origin is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home‑office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.

Compensation Range: $150K - $240K
