Application Security Engineer II/III
Help us protect CrowdStrike and its customers from the most advanced threats! CrowdStrike’s Application Security team breaks the mold of traditional application security and thinks like the attacker to help design secure applications. As an Application Security Engineer, you will perform technical security assessments, code reviews, and security testing to highlight risk and help engineering teams improve the overall security of our products.
Responsibilities
- Help ensure software and systems are designed and implemented to the highest security standards.
- Develop threat models and test plans for new and existing platform components.
- Create tools and automation to help test and monitor product security.
- Test technical system components from module subsystems to entire frameworks.
- Develop system design and coding best practices for engineering teams.
Requirements
- Bachelor’s Degree (minimum) in Computer Science or equivalent work experience
- Minimum of 3 years of experience working in the field of Application Security, Network Security, Mobile Application Security, or Cloud Security
- Programing knowledge in at least 2 languages (C/C++, Go, Python preferred)
- Experience in vulnerability identification, assessment, and remediation
- Strong communication (written and verbal), interpersonal and problem-solving skills
- Protocol knowledge of TCP/IP, HTTP, applied Cryptography, others
- Exposure to Windows, OSX, and Linux operating system
- Experience with at least two of the following: Application Security testing methodologies, Reverse Engineering (User-mode, Kernel-mode), and Penetration Testing techniques
- Familiarity with tools such as Wireshark, Kali, IDA Pro, Hopper, Radare2/GDB, BurpSuite, Nmap, others
Bonus Points
- Strong debugging skills. Ability to spot design flaws, race conditions, performance bottlenecks in complex architectures and simple misconfigurations.
- Experience testing Restful APIs
- Familiarity with secure coding concepts
- Vulnerability Research, Fuzzing, Exploit Development.
- Experience writing custom plugins and automating RE tasks for tools such as Immunity Debugger.
- Familiarity with OWASP Top 10, CWE, SANS Top 25
- You’re a clear thinker and efficient communicator
- OSCP certified
- Other technical security certifications or academic background
- Familiar with Failure Mode Effects Analysis applied to software systems
- Experience working remotely
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industries best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.