
Job Overview
Location: Remote
Job Type: Full-time
Category: Software Engineering
Date Posted: September 19, 2025
Full Job Description
📋 Description
- Architect, build and harden the next generation of Huntress’ Windows EDR sensor: a lightweight, tamper-resistant agent written in Golang that ships to millions of endpoints and quietly watches for attacker behavior without degrading system performance.
- Own the full SDLC—from threat-modeling and design through CI/CD, staged roll-outs and post-deployment telemetry—ensuring every release raises the bar for stability, observability and security.
- Dive deep into Windows internals (process, thread & image notifications, kernel callbacks, WMI, registry, ETW, minifilters, services, COM, Win32 API) to surface the data our SOC needs to catch human-led intrusions that signature-based tools miss.
- Write defensive code that survives hostile environments: protected processes, anti-tampering ACLs, code-signing, secure IPC, encrypted storage and in-place updates that never require a reboot.
- Profile and optimize for CPU, memory and disk across 32/64-bit Windows 7→11 and Server 2008R2→2022; squeeze every last drop of efficiency so a 5 MB agent feels invisible on a 1 vCPU VM.
- Partner with Detection Engineers to translate new attack techniques into real-time telemetry; expose the right events, enrich them with context and stream them reliably even over low-bandwidth links.
- Collaborate with Product Management to define roadmap items, scope epics, estimate effort and articulate customer-facing value; balance shipping fast with the rigor required for security software.
- Build and maintain automated test suites (unit, integration, stress, fuzz) that run in ephemeral VMs and containers; achieve >90 % code coverage and catch regressions before they reach beta.
- Participate in a 24×7 on-call rotation (~quarterly) for agent incidents; debug crashes, memory leaks and mysterious AV conflicts via WinDbg, ProcMon, Wireshark and our in-house telemetry lake.
- Contribute to internal Golang shared libraries, drive adoption of best practices (staticcheck, race detectors, gosec, dependency scanning) and mentor junior engineers through design reviews and pair programming.
- Champion a “security-first” culture: perform threat models, document attack surfaces, file CVEs for third-party components and present brown-bag sessions on Windows security internals.
- Ship features that directly protect 4 M+ endpoints and 7 M+ identities, giving under-resourced IT teams the confidence that a 24×7 human-led SOC is watching their back—because your code made it possible.
About Huntress Labs, Inc.
Huntress Labs, Inc. delivers managed cybersecurity services focused on small and mid-sized businesses. The company’s cloud platform combines human threat hunters with endpoint detection and response technology to identify persistent footholds, ransomware, and other advanced attacks that bypass traditional antivirus. It provides continuous monitoring, incident response guidance, and security awareness training through a partner-first channel of managed service providers and resellers. Founded in 2015, Huntress protects hundreds of thousands of endpoints across healthcare, education, and other regulated industries, emphasizing affordability and actionable intelligence for resource-constrained IT teams.