CrowdStrike is a computer security company that was founded on the principle that effective computer security cannot be achieved without understanding the goals, tactics, and techniques used by determined attackers who can be expected to purposefully and repeatedly pursue their objectives to the detriment of our customers.
CrowdStrike Falcon Host is a two-component security product. One component is a “sensor”, which is a driver installed on client machines that observes system activity and recognizes malicious behavior, then provides on-box prevention capability and remote telemetry to the Falcon Host cloud. The cloud component aggregates sensor telemetry for each customer’s network, can correlate malicious behavior across multiple machines, and presents our customers’ operations teams with a prioritized summary of the threats detected in their environments.
expertise will define what is appropriate, but some tools and development skills will be required.
The first part of stopping a breach is to identify the threats. CrowdStrike’s Falcon product line is designed to provide visibility to the behaviors of a variety of threats. Built on that visibility, the system is trained to correlate behaviors to detect and prevent threats. Step one is to investigate those threats and identify the best method to identify them in the wild.
As part of working with external test labs, emerging threats are tested against Falcon. Most of those threats are detected and prevented. With this stream of data though, it is necessary to understand the threats and ensure we are identifying them correctly, as well as understanding the threats that are not properly detected or prevented. The threats can range from simple malware samples to complex workflows involving new attack vectors, or a combination.
This position is first responsible for taking the data from third parties that we work with and analyzing how the product behaves. The goal is to improve the product for customer’s benefits, and ensure public validation properly represents the capabilities of the product.
- 1-2 years of Malware or Threat research as a primary or secondary job function. This may include binary reverse engineering of malware, or breach based system level threat research.
- Solid systems level understanding of Windows Operating System internals and how they are abused and subverted by malware and malicious actors.
- You must bring a curiosity for how things work and a willingness to learn. As the threat landscape evolves, it can be difficult to keep up with the depth of technical knowledge required to fully understand some exploits and attacks.
- The ability to follow issues to their conclusion in a constrained amount of time. External tests happen on a schedule and the time to investigate and respond is limited. Good time management and focus is required to be successful. This includes self-driven priorities and the ability to properly push back on lower priorities.
- BA/BS in CS or equivalent development experience
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.