Windows Kernel Driver Specialist (Hybrid)

Our Partner

Our Partner is a privately held global cybersecurity leader headquartered in Boston, protecting organizations in nearly 50 countries. Its unified defense platform combines award-winning Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Next-Gen Antivirus (NGAV), and Managed Detection and Response (MDR) with the power of the MalOp™ engine, delivering complete visibility and context to stop attacks in their tracks. Backed by world-class experts and resilience services, the company enables defenders to prevent, detect, and respond to threats faster – across the endpoint, the enterprise, and everywhere the battle moves.

Overall Objective of the Role

We are looking for an expert-level Windows Kernel Driver Specialist to assist our Partner’s engineering team in resolving a critical stability issue. Our Endpoint Detection and Response (EDR) agent is currently experiencing sporadic Blue Screen of Death (BSOD) crashes in the field.

We need an experienced debugger - someone who lives in WinDbg, understands the Windows Memory Manager inside out, and has specific experience improving the stability of file system minifilters and callback-heavy security drivers.

Responsibilities

• Crash Dump Analysis: Perform deep-dive analysis of kernel memory dumps (Minidumps and Complete Memory Dumps) to identify the root cause of the crash (e.g., race conditions, stack overflows, invalid memory access, IRQL violations).
• Reproduction & Isolation: Design stress tests and verification procedures to reliably reproduce the BSOD in a controlled environment using tools like Driver Verifier and specific load-testing scripts.
• Code Review & Remediation: Audit the existing C/C++ driver code (specifically Minifilter callbacks and process notification routines) for thread safety, proper lock usage (Spinlocks/ERESOURCE), and memory handling.
• Patch Implementation: Implement robust fixes for the identified issues, ensuring zero regression in driver performance or security efficacy.
• Validation: Verify fixes using Microsoft Driver Verifier and HLK (Hardware Lab Kit) basics to ensure stability under high stress.

Requirements

Must Have:

• Bachelor’s degree in Computer Science, Engineering, or a related field.
• Expert C/C++ proficiency, with 3+ years of experience in strictly kernel-mode software development.
• WinDbg expertise, including:
  • Post-mortem debugging without symbols to diagnose third-party conflicts.
  • Live kernel debugging using VMware, Hyper-V, or KDNET.
  • Comfortable analysis of stack traces, register states, and trap frames.
• Windows internals — deep understanding of:
  • IRQLs (Interrupt Request Levels) and DPC/dispatcher mechanics.
  • Memory management concepts, including paged vs. non-paged pool and MDLs.
  • Synchronization primitives such as spinlocks, mutexes, and pushlocks.
• File system filter development, including:
  • Proven experience with the Filter Manager Model (FltMgr).
  • Hands-on work with minifilter drivers, including FltRegisterFilter and pre/post-operation callbacks.
• EDR / security driver experience, including familiarity with:
  • Object callbacks (ObRegisterCallbacks).
  • Process, thread, and image load notify routines (PsSetCreateProcessNotifyRoutineEx, etc.).
  • Designing kernel logic to avoid deadlocks in high-frequency system paths.

Nice to Have:

• Reverse engineering, including:
  • Proficiency with IDA Pro or Ghidra.
  • Ability to analyze and diagnose conflicts with third-party drivers (for example, antivirus drivers causing system crashes).
• x64 assembly analysis, including:
  • Ability to read and interpret disassembly.
  • Pinpointing the exact faulting instruction when source-level information is insufficient or ambiguous.
• WHQL / WHCP experience, including:
  • Familiarity with the Windows Hardware Compatibility Program.
  • Experience with driver signing and re-certification when fixes require re-validation.

Reasons to Work with Us

• Competitive financial conditions.
• Opportunity to work on internationally recognized projects.
• Flexible schedule and a hybrid work model, prioritizing remote work as much as possible to support work-life balance.
• An exciting career path within a friendly, dynamic, and growing organization.
• Professional development opportunities in a multicultural environment.
• Private medical coverage with Medlife or Regina Maria.
• Meal vouchers.
• Gift vouchers for special occasions such as birthdays, weddings, or childbirth.
• Wellbeing programs, including sick days, 7Card subscriptions, and relaxation facilities in the office.
• Team-building events and other social experiences.
• Budget allocated for certifications relevant to your project.
• Workshops, internal training sessions, and knowledge-sharing opportunities.
• Access to LinkedIn Learning, upon request.
• Convenient city-center office location.
• Shared parking spaces.

As a global digital transformation company, Orion values creating a productive, diverse work environment. We are committed to maintaining a positive work environment where our people value traits that make each one of us different from one another. We all bring a diverse set of perspectives, work and life experiences, and our differences make us more valuable both internally and for our clients.