Nightfall
AI-native, unified data loss prevention and insider risk management platform
EndpointEngineer-Linux
Neural analysis suggests this role is
optimal for Senior candidates.
“Endpoint Engineer - Linux at Nightfall. Skills: Linux systems expertise, Endpoint Data Loss Prevention (DLP) coverage, Linux agent capabilities, Kernel-level event interception, Userspace policy enforcement, Enterprise deployment. Design and develop data exfiltration prevention applications, kernel modules, system services, and agents on Linux. Build and maintain mission-critical endpoint agents that monitor and enforce DLP policies across Linux distributions (Ubuntu, RHEL/CentOS, and others)”
What You'll Achieve.
Protect sensitive data across SaaS apps, GenAI tools, email, endpoint devices, and more; Detect and stop data exfiltration at scale; Enable organizations to innovate freely without the risks of losing intellectual property or exposing customer data; Regain time by putting data loss prevention on autopilot; Automatic remediation of security violations; Automatic training and coaching of end-users
Industry & Context.
Diagnose and resolve deep systems-level issues including kernel panics, race conditions, file descriptor leaks, and IPC failures; Ability to decompose complex business problems and own them end to end across teams
What They're Looking For.
Must Have
Expertise in C/C++ for Linux systems, Demonstrable experience building production agents or system-level software on Linux, Deep hands-on experience with one or more Linux kernel subsystems relevant to security and monitoring, Experience with kernel-level debugging using tools such as ftrace, perf, crash, SystemTap, or GDB with KGDB, Ability to use reverse engineering and binary analysis techniques when debugging kernel space code, Familiarity with enterprise Linux deployment environments - MDM tools, Ability to decompose complex business problems and own them end to end across teams
Nice to Have
Prior experience building DLP, EDR, or endpoint security products on Linux, Contributions to open-source Linux kernel or eBPF ecosystem projects, Experience with FUSE (Filesystem in Userspace) or overlayfs for file activity interception, Knowledge of Linux audit subsystem (auditd) and its integration with SIEM tooling, Experience developing or integrating with XDR/EDR platforms (CrowdStrike, SentinelOne, or similar), Familiarity with clipboard and X11/Wayland display server internals for content inspection, Background in Go for high-performance agent components
What You'll Do.
Design and develop data exfiltration prevention applications
Build and maintain mission-critical endpoint agents that monitor and enforce DLP policies across Linux distributions (Ubuntu
Implement kernel-level event interception using eBPF
or similar mechanisms to monitor file
and clipboard activity
Develop userspace components that integrate with kernel subsystems and enforce policy decisions in real time
Own complex features from design to delivery - including scoping
and customer-facing documentation
Diagnose and resolve deep systems-level issues including kernel panics
file descriptor leaks
Ensure agent reliability
and minimal performance footprint on target Linux environments
Write and maintain documentation covering internal architecture
and deployment guides for enterprise customers
How You'll Work.
Team & Collaboration
Collaborate closely with the Mac and Windows endpoint teams to align on cross-platform agent architecture, shared policy models, and consistent DLP behaviors
Process & Methodology
Own complex features from design to delivery - including scoping, implementation, testing, and customer-facing documentation
Full Job Description
About Nightfall: Nightfall is the AI-native, unified data loss prevention and insider risk management platform that protects sensitive data across SaaS apps, GenAI tools, email, endpoint devices, and more. Hundreds of customers, spanning AI innovators to top 10 banks, trust Nightfall to detect and stop data exfiltration at scale. Nightfall enables organizations to innovate freely without the risks of losing intellectual property or exposing customer data. Our agentic platform helps security teams regain their time by putting data loss prevention on autopilot. With automatic remediation, security violations can be resolved automatically before they become incidents, and end-users can be automatically trained and coached in the moment to self-heal violations that they introduce. Nightfall is backed by leading VC firms including Bain Capital Ventures (Enrique Salem - former CEO of Symantec), Venrock (early investors in Cloudflare), WestBridge Capital, Pear VC (early investors in Dropbox and Doordash), and a cadre of cybersecurity leaders including Frederic Kerrest (founder of Okta), Maynard Webb (former COO of eBay), Ryan Carlson (President of Chainguard), Kevin Mandia (founder of Mandiant), and many others. About the role: Nightfall is expanding its endpoint Data Loss Prevention (DLP) coverage to Linux, and we are looking for a seasoned Endpoint Engineer to lead this effort. You will be at the ground level of building Linux agent capabilities from the ground up, working alongside our existing Mac and Windows endpoint teams. As an Endpoint Engineer (Linux) at Nightfall, you will design, build, and maintain a production-grade, AI-native DLP agent for Linux - covering kernel-level event interception, userspace policy enforcement, and enterprise deployment. This role requires deep Linux systems expertise and the drive to own a strategic new platform for the company. RESPONSIBILITIES - Design and develop data exfiltration prevention applications, kernel modules, system ser
Applying for this Endpoint Engineer - Linux role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about Nightfall?
Real rants from real employees. Read before you apply.