About Prelude

Prelude Security is building the category leader in Runtime Memory Protection — an endpoint product that detects and blocks in-memory execution, memory zero-day exploitation, and ransomware execution entirely from user mode. We are a small team of security researchers and software developers working to reinvent the way we protect endpoints in a world where threats are complex, emergent, and accelerating. Backed by Sequoia Capital, Insight Partners, and other leading investors, we are building an advanced security solution to detect in-memory attacks on endpoints.

We are a small team of security researchers and software developers working to reinvent the way we protect endpoints in a world where threats are complex, emergent, and accelerating. Backed by Sequoia Capital, Insight Partners, and other leading investors, we are building an advanced security solution to detect in-memory attacks on endpoints, which is written in Rust and runs exclusively in user mode. It leverages advances in modern edge computing architecture, hardware-level telemetry, and a graph-based understanding of the Windows operating system to catch adversaries the moment that they compromise an endpoint. Rather than endlessly attempting to predict what an adversary might do, trapping adversaries at this universal and unavoidable chokepoint that lies at the center of their operations allows us to focus all of our efforts on what they must do, regardless of their sophistication or how much creativity (or AI) they apply to their tactics.

Our goal is simple: to detect out-of-context execution in a way that remains entirely outside the adversary’s control. Out-of-context execution occurs when an attacker coerces an application to run code paths that were not intended by the original application. This includes in-memory execution techniques such as local and remote injection, exploitation that results in the execution of dynamic code, and fileless malware

Role

Prelude is seeking a Principal Security Researcher to conduct in-depth technical analysis of modern and adaptive adversary tactics, Windows internals, and operating system telemetry sources, enabling the development of relevant tests and effective detections within Prelude’s endpoint protection platform.

As a subject matter expert, you will specialize in one or more areas crucial to Prelude's research, such as operating system internals, reverse engineering, malware development, offensive security, program analysis, performance profiling or detection engineering. Success in this role hinges on delivering high-quality research, driving innovation, adapting swiftly, and fostering collaboration across teams and business units.

Given the confidential nature of our work, we require an NDA to be signed after an introductory call if there is mutual interest in moving forward.

Responsibilities

• Conduct in-depth research on operating system internals to pinpoint sources of defensive telemetry crucial for detecting adversary tactics, specifically targeting code execution

• Analyze modern adversary tradecraft, deciphering technique relevance, inner workings, and detectability

• Translate and implement research findings into actionable improvements for Prelude's endpoint protection platform

• Produce high-quality, public-facing security research content, including blog posts and conference talks

• Stay abreast of cutting-edge offensive and defensive security techniques through continuous self-study and research

• Serve as the subject matter expert in adversary tradecraft and security operations, supporting other business units on their projects as needed

• Support other Researchers on the team with their research and actively engage in team-driven initiatives

Skills and Experience

• Deep knowledge of Windows operating system internals and static/dynamic reverse engineering

  • Our most commonly used tools: IDA Pro, Binary Ninja, Ghidra, and WinDbg

• 5+ years of experience in one or more of the following areas:

  • Offensive security, specifically red team operations or purple teaming

  • Detection engineering, specifically, writing robust, production-scale queries in any major EDR

  • Systems programming, ideally using Rust or C/C++

  • Program analysis and performance profiling

• Strong understanding of how modern EDRs/XDRs work internally

• Ability to explain complex technical concepts and research outputs to both executive-level and highly technical consumers

• Aptitude for working in a fast-paced, adaptive startup environment

Nice to Haves

• Prior experience in enterprise software development using Rust

• Prior vulnerability research and exploit development experience

Working at Prelude

Prelude is a fully remote team across the US & Canada, built on trust, autonomy, and excellence. We empower our team to take ownership, move with purpose, and continuously improve. Our culture values top performers who align with our mission and embrace high standards. We offer generous healthcare, flexible PTO, and home-office support, ensuring our team has the freedom and resources to thrive. While we move fast, we prioritize quality, collaboration, and remain committed to building impactful security solutions with precision.