Kernel Security Engineer (Sensor team-Kernel)

Join Trend ‧ Join New Generation

趨勢科技 - 全球雲端資安領航者 / 全亞洲最大軟體公司 / 企業版圖橫跨五大洲 / 趨勢全球研發基地在台灣
===============================================================

Overview

AI is currently at the forefront of technological advancement, marking a transformative shift across industries. As a global cybersecurity leader, Trend Micro is committed to staying at the cutting edge of this evolution, with the goal of integrating AI technology to make the exchange of digital information safer and more secure. Fueled by decades of security expertise, world-leading global threat research and intelligence, and continuous innovation, our cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints.

We are building an AI-native engineering organization. That means AI is not an optional accelerator here - it is a core part of how we design, build, test, and ship. We are looking for kernel engineers who have already established their own AI-driven development workflows and are ready to bring that mindset to large-scale, security-critical systems.

Join our Kernel Team - a cornerstone of Trend Micro's core technology division - and help protect hundreds of millions of Windows users from malicious malware and cybercrime. Our team is responsible for delivering the core protection modules that power our products, including behavior monitoring engines, network inspection engines, and file system filter drivers. We leverage state-of-the-art technologies such as Machine Learning and cloud-based solutions to continuously research, develop, and strengthen defenses for our customers worldwide.

As a Kernel Engineer at Trend Micro, you will have the unique opportunity to:

• Trace execution paths deep within the OS to understand root causes of issues at the system level - a perspective that goes far beyond typical software development.
• Design and develop security modules that ship across 100+ Trend Micro products, directly influencing the architecture decisions that protect tens of millions of users globally.
• Stay ahead of the global threat landscape, analyze the latest malware samples, and build best-in-class detection solutions from scratch.
• Collaborate with a high-caliber team, conduct independent research, and continuously sharpen your skills as attack techniques and market technologies evolve.

What You'll Do

• Drive the full development lifecycle with AI at every stage - from spec writing and design, through implementation, testing, deployment, and operations - using tools like Claude Code, GitHub Copilot, or Cursor as a first-class part of your workflow, not a last resort.
• Develop and maintain kernel-mode components for network monitoring (WFP, TDI, and NDIS drivers) and system behavior monitoring.
• Build and maintain user-mode analysis components, including Windows application monitoring, firewall settings management, and application control using scan engines.
• Provide kernel-level behavior and network data to platform systems (e.g., Aegis) by designing logical methods to detect, analyze, and monitor system activity.
• Track and resolve application-layer issues spanning Windows user-mode applications, firewall configurations, and file filtering.
• Analyze emerging threat samples and contribute to the research and design of new protection mechanisms.
• Collaborate with cross-functional teams - product, platform, and security research - to deliver robust and maintainable low-level software.

How You'll Adopt AI

• Established a repeatable AI-native development workflow.
• Practices context engineering: actively managing what is given to AI to produce high-quality, project-appropriate output.
• Familiar with AI-native tools (e.g., Claude Code, GitHub Copilot, Cursor) and how to configure them for a codebase (e.g., CLAUDE.md, Cursor Rules).
• Validates AI-generated output - not just running it and moving on reviewing logic, edge cases, and alignment with system design.
• Experience building or using Agent Skills or MCP servers to extend AI capabilities in a workflow.

Who You Are

• Minimum 3 years of experience developing and shipping kernel-mode software.
• Strong proficiency in C with solid debugging skills, paired with daily hands-on use of AI coding assistants as your default workflow.
• Deep knowledge of Windows internals Linux kernel experience is a plus, with a willingness to learn Windows internals if coming from a Linux background.
• A detective's mindset: able to use reverse engineering and low-level tracing to uncover behavior that isn't documented and can't be found through a simple search.
• An explorer's attitude: detail-oriented, patient, and eager to chase problems to their root - never giving up when the answer isn't obvious.
• Self-motivated with a strong passion for continuous learning.
• Collaborative team player who enjoys working alongside talented engineers.
• Bachelor's degree in Computer Science, Engineering, or equivalent practical experience.

Nice to Have

• Experience driving measurable improvements in team productivity or code quality through AI workflow adoption.
• Built and shipped custom agent skills, MCP servers, or sub-agents that solved a real kernel/systems engineering problem, with a clear view on where AI accelerates vs. where it misleads.
• Familiarity with anti-malware or endpoint security technologies.
• Experience with real-time or event-driven systems at the kernel level.
• Knowledge of cloud security or integration of kernel-level data with cloud-based threat intelligence platforms.
• Contributions to open-source security or systems software projects.

===============================================================