About this role
About Origin by Prelude
Origin is building the next generation of endpoint security for the Semantic Era. As AI agents and LLMs fundamentally change how humans interface with computers, legacy signature-based defenses are failing. We are pioneering a new approach - moving from "known bad" detection to "contextual intent" understanding - to ensure enterprises can safely adopt the productivity of AI without the risk. Our platform monitors and protects some of the most important organizations in the world. We are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms.
Role
Origin is seeking a Security Engineer to drive macOS security research and telemetry architecture. This is a research and systems security role focused on building observability pipelines, dissecting adversary tradecraft, and defining defensive strategies through deep systems understanding. You will architect telemetry collection from the macOS kernel, analyze attacker behavior in real-world enterprise environments, and contemplate attack scenarios to identify gaps in our detection coverage.
As the macOS security subject matter expert, you will work at the intersection of systems research (kernel instrumentation, performance analysis, data pipelines) and security research (adversary emulation, attack surface analysis, threat modeling). You'll collaborate with engineering to implement your research findings, but your primary focus is research, tradecraft analysis, and security architecture, not software engineering. You'll work with sophisticated kernel telemetry infrastructure (Endpoint Security Framework, Network Extensions, kernel tracing) and help shape the technical direction of our endpoint observability platform.
Responsibilities
Architect macOS telemetry pipelines: design and validate new instrumentation points (Endpoint Security Framework, Network Extensions, kernel tracing, performance counters) for endpoint observability
Dissect adversary tradecraft: reverse-engineer attacker techniques through malware analysis, threat intelligence, and real-world incident investigation
Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and macOS systems to identify telemetry and detection gaps
Define security event ontology: establish semantic models for system behaviors, attack patterns, and forensic artifacts that drive detection logic
Perform systems research on macOS internals: investigate kernel security mechanisms, undocumented APIs, and low-level system behaviors relevant to security observability
Validate telemetry coverage through adversary emulation: build and execute attack simulations to verify observability completeness and detection accuracy
Collaborate with engineering to translate research into production: provide technical requirements for telemetry collection, data schemas, and detection implementations
Stay current with offensive security research: monitor vulnerability disclosures, exploitation techniques, and emerging macOS attack surfaces
Skills & Experience
Deep expertise in macOS operating system internals and kernel security architecture (XNU kernel, process/thread/memory management, Mach messaging, security frameworks, undocumented behavior)
Strong background in offensive security or threat research: practical understanding of exploitation techniques, malware behavior, and attacker tradecraft
Experience with macOS kernel instrumentation and telemetry systems (Endpoint Security Framework, Network Extensions, kernel event tracing, or kernel extension development)
Systems research mindset: ability to reverse-engineer complex systems, investigate undocumented behaviors, and architect data collection pipelines
Proven ability to dissect and analyze adversary techniques through malware reverse engineering, threat intelligence analysis, or incident response
Strong analytical and threat modeling skills: hypothesis-driven investigation, attack scenario contemplation, security architecture analysis
Ability to communicate complex security and systems concepts to both executive and highly technical audiences
Comfortable in fast-paced startup environments with evolving research priorities
Nice to Haves
Prior experience in enterprise security research, particularly with endpoint security products (EDR/XDR platforms) or security instrumentation
Vulnerability research and exploit development background (deep practical understanding of macOS exploitation primitives and attack techniques)
Published security research: conference talks (Black Hat, DEFCON, REcon), blog posts, open-source security tooling, or CVE discoveries
Hands-on experience with adversary emulation, red teaming, or purple teaming using frameworks like Sliver, custom tooling, or atomic red team
Deep expertise in specific macOS attack surfaces: process injection techniques, TCC bypass, credential access, defense evasion, persistence mechanisms
Experience with low-level macOS telemetry: kernel debugging, DTrace/Instruments profiling, kernel extension development, or rootkit analysis
Systems programming experience (Rust, C, C++, Objective-C, Swift) helpful for prototyping instrumentation or collaborating with engineering, but not primary job function
Background in malware reverse engineering: analysis of macOS malware, ransomware, or sophisticated evasion techniques
Working at Origin
Origin is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home-office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.