Threat Analyst II
About CrowdStrike
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
The CrowdStrike Security Response Team is seeking a motivated professional with excellent technical skills to analyze common threat and targeted attacks. The Security Response Team is focused on improving detection capability and efficiency for the Falcon Host platform through tactical analysis of ongoing attacks by criminal and nation state actors impacting our customer base. Security Response Analysts respond and investigate individual incidents and track large scale campaigns of malicious activity. The analyst translates their findings into descriptions of malicious behavior that can be implemented as host based sensor detections designed to detect and prevent security breaches. Security Response is dedicated to responding to our customer's security needs as threats evolve and ensuring CrowdStrike maintains coverage of all relevant threats regardless of the source of attack. Falcon Host is a unique endpoint detection and response solution and Security Analysts on the Security Response Team will have the opportunity to translate their analysis findings into impactful detection capabilities backed by an unprecedented number of events at their disposal for analytic initiatives.
Responsibilities
- Analyze and track ongoing criminal and nation state campaigns targeting CrowdStrike customers.
- Design detection capabilities based on the behavior of malicious actors on hosts.
- Evaluate the efficiency of existing detection capabilities and contribute to their improvement.
- Write blog articles describing malicious campaigns and analysis techniques.
- Develop tools to assist with automation of analysis tasks and tracking of threat actors.
- Contribute to active mitigation efforts and support incident response engagement with technical expertise.
Key Qualifications
Required
- Experience in a security operations center or similar environment tracking threat actors and responding to incidents.
- Experience working with and manipulating large data sets (i.e. billions of events per day).
- Experience designing detection capabilities on network or host based detections systems.
- Ability to express complex technical and non-technical concepts verbally, graphically, and in writing.
- Ability to demonstrate comprehensive, practical knowledge of research / collection skills and analytical methods.
- Strong understanding of current and emerging threats related to financially motivated computer intrusions and scams.
- Understanding of social hacktivism and/or advanced persistent adversaries is a plus.
- Knowledge of programming and scripting languages, in particular Python.
Preferred
- Good understanding of Windows OS internals and the Windows API.
- Familiarity with tools used in targeted and criminal intrusions.
- A background in exploit and vulnerability analysis is a plus.
- Knowledge of a variety of programming languages including C, C++, Java, and assembly.
- General understanding of threat/risk management and threat/risk assessment.
Education
- BA/BS or MA/MS degree or equivalent experience in Computer Science, Information Security, or a related field
Location:
- Sunnyvale or Irvine, California
- Kirkland, Washington
Benefits of Working at CrowdStrike:
- Market leader in compensation and equity awards
- Competitive vacation policy
- Comprehensive health benefits + 401k plan (US only)
- Paid paternity and maternity leave, including adoption
- Flexible work hours and remote friendly environment
- Wellness programs
- Stocked fridges, coffee, soda, and lots of treats
- Peer recognition
- Inclusive culture focused on people, customers and innovation
- Regular team activities, including happy hours, community service events
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industry’s best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.