Senior Product Security Engineer at Halcyon

About Us

Halcyon is an industry-leading adaptive security platform built to stop ransomware. We combine multiple proprietary prevention engines with AI models to protect and recover systems for mid-market and enterprise customers. Founded by cyber veterans, Halcyon is a remote-native, distributed company focused on delivering resilient, high-impact security solutions.

About the Role

We are hiring a Senior Product Security Engineer to ensure our newest, most innovative defenses are secure and production-ready. You will design and implement security test harnesses, build and integrate fuzzing frameworks, triage findings, and help drive features from research into robust product deployments. This role focuses on Windows agent testing and endpoint hardening to keep customers ahead in the fight against ransomware.

Key Responsibilities

• Endpoint hardening and testing - Design and implement test harnesses that simulate real-world ransomware behavior and threat activity.
• Fuzzing and automated discovery - Develop and integrate fuzzers such as libFuzzer, AFL, WinAFL, or custom tools for automated crash and vulnerability detection.
• User-mode instrumentation - Build user-mode hooking instrumentation, explore EDR bypass techniques, and exercise internal components of the agent.
• Vulnerability research and triage - Reproduce, triage, and analyze security findings against agent components and libraries; perform root-cause analysis and create minimal PoC reproducers.
• Platform expertise - Apply deep Windows internals knowledge to analyze memory, API, and user-mode hooking behaviors, and collaborate on driver-level or API-level integrations when needed.

Required Technical Skills

• 5+ years in product security or endpoint-focused consulting, with hands-on testing of Windows-based agents or EDR/AV products.
• Experience building fuzzers or integrating existing fuzzing frameworks for native code.
• Ability to design and implement automated test harnesses from the ground up.
• Strong Windows OS internals knowledge, including user-mode hooking and Win32 API behavior.
• Proficient in C/C++ and Python, with experience calling Windows APIs and validating security findings.
• Comfortable owning research-driven security features end-to-end, including documentation and technical content.

Bonus Technical Skills

• Rust development experience, especially around FFI or unsafe code.
• Published tooling or research in vulnerability discovery, fuzzing, or automated test frameworks.
• Hands-on experience with CI platforms such as GitHub Actions or Jenkins to automate security workflows.

Why Join Us

Play a critical role designing protections that have real-world impact. Work with elite security researchers and engineers to move research into production. Help shape how next-generation anti-ransomware capabilities are validated, hardened, and shipped.

Benefits

• Comprehensive healthcare, including medical, dental, and vision, with premiums paid in full for employees and dependents.
• 401(k) plan with generous employer contribution.
• Short and long-term disability, life and AD&D coverage, and FSA options.
• Flexible PTO policy and parental leave.
• Generous equity offering and participation in Halcyon’s equity programme.

Compensation

Base Salary Range: $175,000 - $235,000, plus a 10% bonus target and equity. The range is Halcyon’s reasonable estimate and actual pay may vary based on experience, skills, and location.

Apply

To apply, submit your application via the job listing. We are a remote-native company and welcome applicants who are excited to help stop ransomware and protect customers at scale.