DFIR Manager - Professional Services at CrowdStrike
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- 2019: Recognized as a Leader by The Forrester Wave: Cybersecurity Incident Response Services report
- 2018: Recognized by IDC MarketScape as a leading provider of Incident Response, Readiness, and Resiliency services
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
CrowdStrike is looking for highly motivated, self-driven, technical consultants dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. Our CrowdStrike Services team offers opportunities to expand your skill set through a wide variety of engagements including front page incident response investigations, adversary-focused penetration testing (be the adversary, don’t just run scans), and proactive and strategic assessment services for organizations you’ll find on the annual Fortune 100 list.
About the Role
- Do you find yourself interested in and keeping up with the latest vulnerabilities and breaches?
- Are you passionate about coaching and mentorship and energized by leading highly effective teams?
- Do you crave new and innovative work that actually matters to your customer?
- Do you have an Incident Response or Information Security background that you’re not fully utilizing?
- Do you love working around like-minded, intelligent people who you can learn from and mentor on a daily basis?
- Lead a team of forensic analysts, familiar with host and/or network-based forensics across Windows, Mac, and Linux platforms.
- Can effectively communicate with executives on the topics of forensics and malware analysis
- Lead red-team, penetration testing activities by leveraging actual adversary TTPs.
- Assess and develop information security and incident response programs in a proactive fashion to help mature the security posture of organizations prior to an incident.
- Lead incident response and proactive engagements.
- Produce high-quality written and verbal reports, presentations, recommendations, and findings to customer management.
- Demonstrate industry thought leadership through blog posts, CrowdCasts, and other public speaking events.
- Manage internal programs or teams.
What You'll Need
Successful candidates will have experience in one or more of the following areas:
- Team leadership experience in a matrixed consulting environment
- Incident Response: experience conducting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hactivists.
- Computer Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
- Network Forensic Analysis: strong knowledge of network protocols, network analysis tools like Bro/Zeek or Suricata, and ability to perform analysis of associated network logs.
- Incident Remediation: strong understanding of targeted attacks and able to create customized tactical and strategic remediation plans for compromised organizations.
- Network Operations and Architecture/Engineering: strong understanding of secure network architecture and strong background in performing network operations.
- Cloud Development: excellent knowledge in any of the following areas such as AWS, Azure, GCP, Splunk, or Elasticsearch.
- Programming/Scripting: experience coding in Python, Powershell, Bash or Go.
Additionally, all candidates must possess the following qualifications:
- Excellent project management skills.
- Strong oral and written communications skills.
- Contributing thought leader within the incident response industry.
- Ability to foster a positive work environment and attitude.
- Ability to travel on short notice, up to 50% of the time.
Benefits of Working at CrowdStrike:
- Market leader in compensation + stock options
- Competitive vacation policy
- Comprehensive health benefits + 401k plan (US only)
- Paid paternity and maternity leave, including adoption
- Flexible work hours and remote friendly environment
- Wellness programs
- Stocked fridges, coffee, soda, and lots of treats
- Peer recognition
- Inclusive culture focused on people, customers and innovation
- Regular team activities, including happy hours, community service events
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industry’s best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.