Why This Job is Featured on The SaaS Jobs
This Security Engineer role stands out in the SaaS security landscape because it is oriented around endpoint telemetry and research rather than typical enterprise security operations. The scope centers on Windows kernel observability, event semantics, and adversary tradecraft, which maps closely to how modern security SaaS products differentiate through data quality, coverage, and detection fidelity. With the company positioned as a platform provider, the work sits near the technical core of a product that must operate reliably across varied customer environments.
For a SaaS career path, the role builds durable expertise in turning low level system signals into productizable security outcomes. Experience designing telemetry pipelines, defining ontologies for security events, and validating coverage through emulation translates across EDR, XDR, and broader detection and response platforms. The emphasis on collaborating with engineering to operationalize research also develops a pragmatic interface between deep technical investigation and production constraints common in SaaS delivery.
This position is best suited to professionals who prefer hypothesis driven research, are comfortable owning a Windows specialty area, and enjoy working across instrumentation, analysis, and architecture. It fits those who want their security depth to influence product direction while remaining anchored in hands on technical work.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Location
United States, Canada
Employment Type
Full time
Compensation
- Senior Security Engineer$150K – $180K • Offers Equity
- Staff Security Engineer$175K – $205K • Offers Equity
- Principal Security Engineer$195K – $240K • Offers Equity
About Origin by Prelude
Origin is building the next generation of endpoint security for the Semantic Era. As AI agents and LLMs fundamentally change how humans interface with computers, legacy signature-based defenses are failing. We are pioneering a new approach - moving from "known bad" detection to "contextual intent" understanding - to ensure enterprises can safely adopt the productivity of AI without the risk. Our platform monitors and protects some of the most important organizations in the world. We are backed by Sequoia Capital, Brightmind Ventures, IA Ventures and other top firms.
Role
Origin is seeking a Security Engineer to drive Windows security research and telemetry architecture. This is a research and systems security role focused on building observability pipelines, dissecting adversary tradecraft, and defining defensive strategies through deep systems understanding. You will architect telemetry collection from the Windows kernel, analyze adversary behavior in real-world enterprise environments, and research attack scenarios to identify gaps in our observability coverage.
As the Windows subject matter expert, you will work at the intersection of systems research (instrumentation, performance analysis, data pipelines) and security research (adversary emulation, attack surface analysis, threat modeling). You'll collaborate with engineering to implement your research findings, but your primary focus is research, tradecraft analysis, and security architecture, not software engineering. You'll work with sophisticated telemetry infrastructure and help shape the technical direction of our endpoint observability platform.
Responsibilities
Architect Windows kernel telemetry pipelines: design and validate new instrumentation points (ETW providers, kernel callbacks, performance counters) for endpoint observability
Dissect adversary tradecraft: reverse-engineer attacker techniques through malware analysis, threat intelligence, and real-world incident investigation
Conduct attack scenario analysis: explore theoretical and practical attack vectors against AI agents, enterprise software, and Windows systems to identify telemetry and detection gaps
Define security event ontology: establish semantic models for system behaviors, attack patterns, and forensic artifacts that drive detection logic
Perform systems research on Windows internals: investigate kernel security mechanisms, undocumented APIs, and low-level system behaviors relevant to security observability
Validate telemetry coverage through adversary emulation: build and execute attack simulations to verify observability completeness and detection accuracy
Collaborate with engineering to translate research into production: provide technical requirements for telemetry collection, data schemas, and detection implementations
-
Stay current with offensive security research: monitor vulnerability disclosures, exploitation techniques, and emerging Windows attack surfaces
Skills & Experience
Deep expertise in Windows operating system internals and kernel security architecture (process/thread/memory management, kernel callbacks, security subsystems, undocumented behavior)
Strong background in offensive security or threat research: practical understanding of exploitation techniques, malware behavior, and attacker tradecraft
Experience with Windows system telemetry
Systems research mindset: ability to reverse-engineer complex systems, investigate undocumented behaviors, and architect data collection pipelines
Proven ability to dissect and analyze adversary techniques through malware reverse engineering, threat intelligence analysis, or incident response
Strong analytical and threat modeling skills: hypothesis-driven investigation, attack scenario contemplation, security architecture analysis
Ability to communicate complex security and systems concepts to both executive and highly technical audiences
-
Comfortable in fast-paced startup environments with evolving research priorities
Nice to Haves
Prior experience in enterprise security research, particularly with endpoint security products (EDR/XDR platforms) or security instrumentation
Vulnerability research and exploit development background (deep practical understanding of Windows exploitation primitives and attack techniques)
Published security research: conference talks (Black Hat, DEFCON, REcon), blog posts, open-source security tooling, or CVE discoveries
Hands-on experience with adversary emulation, red teaming, or purple teaming using frameworks like Cobalt Strike, custom tooling, or atomic red team
Deep expertise in specific Windows attack surfaces: memory injection techniques, process/thread manipulation, credential access, defense evasion, persistence mechanisms
Experience with low-level Windows telemetry: hardware performance monitoring (PMC, LBR, Intel PT), kernel debugging, driver development, or rootkit analysis
Systems programming experience (Rust, C, C++) helpful for prototyping instrumentation or collaborating with engineering, but not primary job function
Background in malware reverse engineering: analysis of APT malware, ransomware, or sophisticated evasion techniques
Working at Origin
Origin is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home-office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.
Compensation Range: $150K - $240K
