Prelude · 2 days ago
Security Engineer (MacOS)
Prelude is pioneering the next generation of endpoint security for the Semantic Era, focusing on the challenges posed by AI agents and LLMs. The Security Engineer will conduct macOS security research, architect telemetry systems, and analyze adversary behavior to enhance enterprise security measures.
Cyber Security, Desktop Apps, Information Technology
Responsibilities
Architect macOS telemetry pipelines: design and validate new instrumentation points (Endpoint Security Framework, Network Extensions, kernel tracing, performance counters) for endpoint observability
Dissect adversary tradecraft: reverse-engineer attacker techniques through malware analysis, threat intelligence, and real-world incident investigation
Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and macOS systems to identify telemetry and detection gaps
Define security event ontology: establish semantic models for system behaviors, attack patterns, and forensic artifacts that drive detection logic
Perform systems research on macOS internals: investigate kernel security mechanisms, undocumented APIs, and low-level system behaviors relevant to security observability
Validate telemetry coverage through adversary emulation: build and execute attack simulations to verify observability completeness and detection accuracy
Collaborate with engineering to translate research into production: provide technical requirements for telemetry collection, data schemas, and detection implementations
Stay current with offensive security research: monitor vulnerability disclosures, exploitation techniques, and emerging macOS attack surfaces
Qualification
Required
Deep expertise in macOS operating system internals and kernel security architecture (XNU kernel, process/thread/memory management, Mach messaging, security frameworks, undocumented behavior)
Strong background in offensive security or threat research: practical understanding of exploitation techniques, malware behavior, and attacker tradecraft
Experience with macOS kernel instrumentation and telemetry systems (Endpoint Security Framework, Network Extensions, kernel event tracing, or kernel extension development)
Systems research mindset: ability to reverse-engineer complex systems, investigate undocumented behaviors, and architect data collection pipelines
Proven ability to dissect and analyze adversary techniques through malware reverse engineering, threat intelligence analysis, or incident response
Strong analytical and threat modeling skills: hypothesis-driven investigation, attack scenario contemplation, security architecture analysis
Ability to communicate complex security and systems concepts to both executive and highly technical audiences
Comfortable in fast-paced startup environments with evolving research priorities
Preferred
Prior experience in enterprise security research, particularly with endpoint security products (EDR/XDR platforms) or security instrumentation
Vulnerability research and exploit development background (deep practical understanding of macOS exploitation primitives and attack techniques)
Published security research: conference talks (Black Hat, DEFCON, REcon), blog posts, open-source security tooling, or CVE discoveries
Hands-on experience with adversary emulation, red teaming, or purple teaming using frameworks like Sliver, custom tooling, or Atomic Red Team
Deep expertise in specific macOS attack surfaces: process injection techniques, TCC bypass, credential access, defense evasion, persistence mechanisms
Experience with low-level macOS telemetry: kernel debugging, DTrace/Instruments profiling, kernel extension development, or rootkit analysis
Systems programming experience (Rust, C, C++, Objective-C, Swift) is helpful for prototyping instrumentation or collaborating with engineering, but is not the primary job function
Background in malware reverse engineering: analysis of macOS malware, ransomware, or sophisticated evasion techniques
Benefits
Generous healthcare
Flexible PTO
Home-office support
Company
Prelude
Prelude is a technology company that helps organizations proactively ask questions of their security systems to advance their defenses.
H1B Sponsorship
Prelude has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (1)
Funding
Current Stage: Early Stage
Total Funding: $41.83M
Key Investors: Brightmind Partners, Sequoia Capital, General Advance
2025-09-25 · Series Unknown · $16M
2022-04-12 · Series A · $24M
2020-09-24 · Seed · $1.82M
Company data provided by Crunchbase