Application Security Engineer
At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a future-proof manner. We’ve earned numerous honors and top rankings for our technology, organization and people – clearly confirming our industry leadership and our special culture driving it. We also offer flexible work arrangements to help our people manage their personal and professional lives in a way that works for them. So if you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to stop breaches and protect people globally, let’s talk.
About the Role
Help us protect CrowdStrike and its customers from the most advanced threats! CrowdStrike’s Application Security team goes deeper than the standard application security team, and thinks like the attacker, to help design secure applications. As an Application Security Engineer, you will perform technical security assessments, static code analysis, and dynamic testing to highlight risk and help engineering teams improve the overall security of our products.
Responsibilities
- Help ensure software and systems are designed and implemented to the highest security standards.
- Develop threat models and test plans for new and existing platform components.
- Conduct static code analysis and dynamic analysis.
- Create tools and automation to help test and monitor product security.
- Test technical system components from module subsystems to entire frameworks.
- Develop system design and coding best practices for engineering teams.
Requirements
- Bachelor’s Degree (minimum) in Computer Science or equivalent work experience
- Minimum of 4 years of experience working in the field of Application Security, Network Security, Mobile Application Security, or Cloud Security
- Programing knowledge in at least 2 languages (C/C++, Go, Python preferred)
- Experience in vulnerability identification, assessment, and remediation
- Strong communication (written and verbal), interpersonal and problem-solving skills
- Knowledge of networking principles and applications, including protocol level
- Exposure to Windows, OSX, and Linux operating system
- Experience testing Restful APIs
- Experience with at least two of the following: Application Security testing methodologies, Reverse Engineering (User-mode, Kernel-mode), and Penetration Testing techniques
- Familiarity with tools such as Wireshark, Kali, IDA Pro, Hopper, Radare2/GDB, BurpSuite, Nmap
- Experience with threat modeling software and networked systems
Bonus Points
- Strong debugging skills. Ability to spot design flaws, race conditions, performance bottlenecks in complex architectures and simple misconfigurations.
- Knowledge of theoretical and applied Cryptography
- Familiarity with secure coding concepts
- Vulnerability Research, Fuzzing, Exploit Development.
- Experience writing custom plugins and automating RE tasks for tools such as Immunity Debugger.
- Familiarity with OWASP Top 10, CWE, SANS Top 25
- You’re a clear thinker and efficient communicator
- Other technical security certifications or academic background
- Familiar with Failure Mode Effects Analysis applied to software systems
- Experience working remotely
#LI-NT1
Benefits of Working at CrowdStrike:
- Market leader in compensation and equity awards
- Competitive vacation policy
- Comprehensive health benefits + 401k plan
- Paid parental leave, including adoption
- Flexible work environment
- Wellness programs
- Stocked fridges, coffee, soda, and lots of treats
We are committed to building an inclusive culture of belonging that not only embraces the diversity of our people but also reflects the diversity of the communities in which we work and the customers we serve. We know that the happiest and highest performing teams include people with diverse perspectives and ways of solving problems so we strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.