Sr. Software Engineer, Sensor - Anti-Tampering/SSP (Hybrid)

CrowdStrikeSunnyvale, CA
$140,000 - $215,000Hybrid

About The Position

CrowdStrike's Sensor Security Platform (SSP) team is building up a dedicated Sensor Anti-Tampering engineering team to protect the Falcon sensor against adversary subversion. The Falcon sensor runs on millions of endpoints — and is a high-value target for sophisticated threat actors who seek to disable, evade, or degrade endpoint protection as a precursor to their attacks. This role exists at the intersection of offense and defense: you will think like an adversary to protect one of the world's most widely deployed security agents. You will design and implement tamper-resistance, tamper-detection, and tamper-response capabilities that ensure the Falcon sensor remains operational and trustworthy — even when an attacker has elevated privileges on the endpoint. The Anti-Tampering domain spans all major OS platforms: Windows, macOS, Linux. While no single engineer is expected to be expert across all platforms, you will bring deep OS and systems expertise on at least one, and develop cross-platform perspective as part of the team.

Requirements

  • Deep systems programming expertise on at least one major platform (Windows, macOS, or Linux) — particularly in areas relevant to security agent protection: kernel interfaces, driver frameworks, process/memory protection, system service architecture
  • Ability to reason adversarially: understand how an attacker with local admin or root privileges would attempt to disable or evade a security agent, and design defenses accordingly
  • Strong C/C++ skills and comfort working in large, complex codebases
  • Ability to design and implement solutions that are both security-hardened and production-safe (anti-tampering must not compromise system stability)
  • Ability to reason about, describe, and communicate the security properties and assumptions of complex systems
  • Experience shipping security-critical software where correctness and reliability are non-negotiable
  • Ability to work effectively in a distributed, cross-timezone team with complex subject matter expertise
  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.

Nice To Haves

  • Direct experience with anti-tampering, self-protection, or agent-hardening at another EDR/endpoint security company
  • Experience with Windows kernel development (minifilters, callbacks, protected processes, Secure Boot/ELAM, ETW)
  • Experience with macOS system extensions, endpoint security framework, or kext development
  • Experience with Linux security modules, eBPF, or kernel module development
  • Reverse engineering or vulnerability research background
  • Red team or offensive security experience (understanding attacker tooling that targets EDR)
  • Familiarity with hypervisor-level security or ESXi agent architecture

Responsibilities

  • Design, implement and own sensor anti-tampering capabilities — including tamper prevention, tamper detection, and tamper response mechanisms
  • Collaborate with CrowdStrike's adversary intelligence, red team, and product security groups to stay ahead of emerging anti-EDR tradecraft
  • Partner with our threat analysts to understand adversary techniques targeting EDR agents (e.g. unhooking, driver manipulation, process termination, credential abuse, policy subversion) and develop mitigations against them
  • Reason about and enumerate the sensor's attack surface on your platform(s) of expertise, identifying gaps in tamper-resistance coverage
  • Contribute to cross-platform anti-tampering architecture — ensuring consistency of guarantees while respecting platform-specific realities
  • Write code in C/C++ and in CrowdStrike's internal domain-specific languages (you will be trained in the DSL; it is event-driven, asynchronous, and used extensively in the sensor's detection and response logic)
  • Write unit, functional and integration tests — including adversarial test cases that simulate tamper attempts
  • Participate in security design reviews for new sensor features, advising on tamper-resistance implications
  • Diagnose and respond to production escalations related to sensor tampering — including ProdSec and customer-reported issues

Benefits

  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe
  • health insurance
  • 401k
  • paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service