Security Engineer, Product Security
Chainlink LabsSalary not specified
Full Time
Mid-level (3 to 4 years), Senior (5 to 8 years)
Not SpecifiedCompensation
Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, BiotechnologyIndustries
Requirements
Candidates should have a moderate understanding of software product creation and shipping in Agile/DevOps environments. They need moderate experience with threat modeling, especially using STRIDE, and code review experience for applications built with Go, Python, or Java. Knowledge of secure configuration for cloud-native and containerized applications in GCP, Azure, or AWS is required, along with experience using or maintaining commercial AppSec tools like SAST, DAST, CSPM, DSPM, and ASPM suites. An understanding of common software weaknesses impacting cloud and web applications beyond the OWASP Top 10 and experience in application penetration testing are also necessary. Comfort with collaborating across technical teams, asking technical questions, challenging assumptions, and driving ambiguous research projects is essential. Bonus points are awarded for experience with Docker and Kubernetes, and the ability to explain AI limitations.
Responsibilities
The Application Security Engineer will join engineering teams as a security expert and advisor to influence product design and capabilities. They will create and maintain threat models to guide security decisions and minimize threat surface area. Responsibilities include reviewing application source code for security defects and risks, attacking applications throughout the Secure Development LifeCycle, and working with developers to help them understand and fix defects, risks, and design weaknesses. The role also involves building integrated tools and automation to improve efficiency for the team and engineering partners, assisting in responding to the bug bounty program, hunting for similar issues, and enhancing application security.
Skills
Application Security
Product Security
Threat Modeling
Web Applications
Security Defects
Secure Code
Cybersecurity
AI-native platform
Distributed Systems
Crowdstrike
Cloud-native endpoint security solutions provider
About Crowdstrike
CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.
Austin, TexasHeadquarters
2011Year Founded
$468MTotal Funding
IPOCompany Stage
Enterprise Software, CybersecurityIndustries
5,001-10,000Employees
Benefits
Competitive Employee Stock Purchase Plan
Remote-friendly culture
Market leader in compensation and equity awards
Competitive vacation and flexible working arrangements
Comprehensive health benefits + 401k plan
Paid Parental Leave, including adoption
Wellness programs
Professional development and mentorship opportunities
Open offices have stocked kitchens, coffee, soda and treats
Risks
Increased competition from companies like Lumos could challenge CrowdStrike's market share.
Recovery from last year's outage may still affect customer trust and future sales.
Pressure to demonstrate ROI by 2025 could challenge CrowdStrike's financial transparency.
Differentiation
CrowdStrike's Falcon platform offers cloud-native endpoint security solutions, a key differentiator.
The company serves 44 of the Fortune 100, showcasing its strong market presence.
CrowdStrike's proactive threat hunting sets it apart in cybersecurity threat detection.
Upsides
Partnership with SonicWall opens new SMB market segment for CrowdStrike.
Recognition as a leader in ransomware prevention boosts CrowdStrike's market credibility.
Gamified learning initiatives help address cybersecurity skills gap, benefiting future talent pipeline.
Related Jobs
RemoteRemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteApplication Security Engineer
Red Cell PartnersSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSecurity Engineer, Cloud Security
OpenAI$279,000 - $385,000/year
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Software Security Engineer
Muon SpaceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteThreat Response Engineer
Red CanarySalary not specified
- Full Time
- Mid-level (3 to 4 years)
RemoteApplication Security Engineer - Remote
PayNearMeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemotePenetration Tester
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Engineer
ZoomSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteAI Tooling Engineer
SupabaseSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteAssociate Security Engineer (Vulnerability Management)
GalaxySalary not specified
- Full Time
- Entry Level & New Grad, Junior (1 to 2 years)
Remote(Canada) -Intermediate Automation and Security Engineer
PointClickCareSalary not specified
- Full Time
- Mid-level (3 to 4 years)
RemoteSenior Software Engineer - Security Center
ServiceNowSalary not specified
- Full Time
- Senior (5 to 8 years)