Application Security Engineer

Employment Type: Full-time

Position Overview

CrowdStrike, a global leader in cybersecurity, protects the people, processes, and technologies that drive modern organizations. Our mission is to stop breaches, and we have redefined modern security with the world's most advanced AI-native platform. We operate at a massive scale, processing trillions of events daily, with customers spanning all industries who rely on us to keep their businesses running and communities safe. We foster a culture of flexibility, autonomy, and continuous innovation, seeking passionate individuals committed to our customers, community, and each other.

About The Role

Join CrowdStrike's Product Security team to protect our applications and customers from advanced threats. As an Application Security Engineer, you will identify design and implementation flaws in web applications, collaborate with product engineers to fix defects, and contribute to shipping secure code. You will actively hunt for and remediate security defects. This role also involves cross-cutting projects to enhance the security of internal systems and processes against emerging threats.

We are hiring for multiple levels, so we encourage you to apply even if you don't meet every requirement or believe you can contribute beyond the listed responsibilities.

What You’ll Do

• Act as a security expert and advisor to engineering teams, influencing product design and capabilities.
• Create and maintain threat models to guide security decisions and minimize the threat surface area.
• Review application source code to identify security defects and risks.
• Perform application attacks throughout the Secure Development Life Cycle (SDLC).
• Collaborate with developers to explain defects, risks, and design weaknesses, and guide the implementation of solutions.
• Build and maintain integrated tools and automation to improve efficiency for yourself, your team, and engineering partners.
• Assist in responding to the bug bounty program, hunt for similar issues, and enhance application security.

What You’ll Need

• A solid understanding of software product creation and delivery in Agile/DevOps environments.
• Moderate experience with threat modeling, including methodologies like STRIDE.
• Code review experience for applications developed in Go (Golang), Python, or Java.
• Knowledge of secure configuration for cloud-native and containerized applications in one or more cloud environments (GCP, Azure, AWS).
• Experience using and/or maintaining commercial AppSec tools such as SAST, DAST, CSPM, DSPM, and ASPM suites.
• An understanding of common software weaknesses impacting cloud and web applications (beyond the OWASP Top 10) and experience in application penetration testing.
• Comfort collaborating with technical teams, asking probing questions, challenging assumptions, and providing/receiving context for decisions.
• Experience driving ambiguous research projects.

Bonus Points

• Self-motivated to identify security problems and proactively engage with teams to find solutions.
• Demonstrable experience developing/maintaining automation for application security tasks and defect identification.
• Proven positive working relationships with product engineers; software product development experience is a significant advantage.
• Knowledge of Docker and Kubernetes (k8s).
• Ability to explain and demonstrate concepts related to application security.

Company Information

CrowdStrike is a global leader in cybersecurity, protecting the people, processes, and technologies that drive modern organizations. Since 2011, our mission has been to stop breaches. We have redefined modern security with the world's most advanced AI-native platform. We work on large-scale distributed systems, processing almost 3 trillion events per day, and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe, and their lives moving forward. We are a mission-driven company that cultivates a culture providing every CrowdStriker with the flexibility and autonomy to own their careers. We are always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation, and a fanatical commitment to our customers, our community, and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.