Engineer III – Sensor, Windows Vulnerability Research & Detection (Remote) at CrowdStrike – USA CO Remote

#WeAreCrowdStrike and our mission is to stop breaches. As the global leader in cybersecurity, our team has changed the game. Since our founding, our industry-leading cloud-native platform has provided unmatched protection against the most sophisticated cyberattacks. We operate on large-scale distributed systems, processing over 1 trillion events per day with a petabyte of RAM in our Cassandra clusters—and this traffic is growing daily. We’re looking for individuals with boundless passion, a relentless focus on innovation, and a fanatical dedication to developing and shaping our cybersecurity platform. Consistently recognized as a top place to work, CrowdStrike is committed to cultivating an inclusive, remote-first culture that gives people the autonomy and flexibility to balance work-life demands while advancing their careers. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters—one team, one fight.

About the role:

CrowdStrike is seeking a Software Engineer III to join our growing Content Research & Exploit Detection team within the Content group. This group focuses on researching emerging vulnerabilities, mitigating exploits, and developing security-related endpoints on the Windows operating system.

The Content group plays a central role in fulfilling CrowdStrike’s mission to stop breaches. Within the Content Research & Exploit Detection (CRED) team, we research the latest common vulnerabilities and exposures (CVEs) to develop tools and techniques that extend sensor visibility and explore ways to detect advanced malicious behavior on customer endpoint devices. Our goal is to enable the sensor to autonomously identify and stop tools, techniques, and procedures where possible, and to provide security analysts with actionable visibility and guidance when new, previously unknown adversary activity occurs.

As a Software Engineer III within the CRED team, you will focus on the analysis and development of detection strategies for attack techniques in supported Windows OS versions. You will work collaboratively to implement detection logic into the Falcon Sensor, which includes both user-mode and kernel-mode components that together observe system activity, recognize malicious behavior, provide on-box prevention and remediation capabilities, and send relevant security-related telemetry to the Falcon Cloud. You will help find creative and resourceful ways to detect Windows-specific threats and also assist in developing features that leverage telemetry from common OS subsystems such as: file system, memory, process, and network activity. You will gain experience with both user-mode and kernel-mode coding practices.

As a Software Engineer III, you will also collaborate with a wide range of other teams in the group, contributing to team initiatives and assisting with operational response requirements. You will be expected to contribute from early concept through design, implementation, release, and bugtail/support with a focus on and passion for sensor performance, testing, and feature support. We are looking for bright people who want to be challenged and take ownership of what they build.

What you will do:

• Identify common weaknesses and develop proof-of-concepts that can exploit vulnerable code paths.

• Design and build detection logic and systems that are leveraged by teams within CrowdStrike to detect cyber attackers and stop breaches.

• Extend our existing codebase and test suites using C, C++, Python, and other tools as needed.

• Brainstorm, define and build together with multiple teams.

• Be obsessed with learning and promote the latest technologies and tricks together with others, increasing the team’s technical IQ.

• Give and accept feedback with grace and courtesy.

• Troubleshoot the product as needed, provide customer service support, test breaks, perform crash dumps, and implement release blockers.

• Leverage your knowledge of best technical practices, including topics such as secure coding, testing paradigms, effective peer code reviews, logging, and resilient architecture patterns, to ensure clean, supportable coding practices.

• Be an energetic self-starter who takes ownership and is accountable for results, both individually and in a growing team.

What do you need:

• Further education in computer science, engineering or information security OR relevant experience.

• Basic knowledge of the internal workings of the Windows operating system, security features, components, APIs, and design.

• Knowledge of multiple programming languages, including C, C++, and Python, and familiarity with multiple processor architectures

• Recent and relevant experience with vulnerability analysis and exploitation techniques,

• Experience in software instrumentation, testing and code coverage analysis

• Knowledge of cybersecurity practices, challenges, tools and techniques

• Team player – able to lead, mentor, communicate, collaborate and work effectively in a globally distributed team.

Bonus points:

• At least one of the following certifications is desirable:

  • Offensive Security Certified (OSCP, OSCE, OSEE)

  • Certificate of Registered or Certified Professional from the Council of Registered Security Testers (CREST)

  • SANS GIAC Penetration Tester, Web Application Penetration Tester, Exploit Researcher and Advanced Penetration Tester

• Previous experience with low-level code, such as OS kernel components, minifilters, or device drivers.

• Knowledge of developing concurrent kernel-mode and multithreaded systems on one of our supported platforms, with a desire to develop skills on all of these platforms.

• Previous experience with penetration testing.

• Previous experience in delivering software through agile processes.

• Previous participation in cybersecurity challenges (e.g. CTFs).

#LI-CW1

#LI-Remote

#HTF

Benefits of working at CrowdStrike:

• Culture of ‘at a distance’

• Market leader in rewards and share rewards

• Competitive vacation and flexible work arrangements

• Comprehensive and inclusive health benefits

• Physical and mental well-being programs

• Paid parental leave, including adoption

• A variety of professional development and mentorship opportunities

• Offices with well-stocked kitchens when you want to stimulate innovation and collaboration

CrowdStrike is proud to be an equal opportunity and affirmative action employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and has the opportunity to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning, and collective action. By embracing the diversity of our people, we achieve our best work and drive innovation—creating the best possible outcomes for our clients and the communities they serve.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. If you require assistance accessing or viewing the information on this website or need assistance submitting an application or requesting an accommodation, please contact us at [email protected] for further assistance.

Read more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notification of Participation in E-Verify

Right to work

CrowdStrike, Inc. is committed to fair and equitable compensation practices. The base salary range for this position in the U.S. is $115,000 – $180,000 per year + variable/incentive compensation + stock + benefits. A candidate’s salary is determined by several factors, including but not limited to relevant work experience, skills, certifications, and location. Expected closing date for this vacancy is: 11-17-2024