Principal Consultant, Cloud Incident Response (Remote)

About CrowdStrike

Employment Type: Full time

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role

CrowdStrike is looking for highly motivated, self-driven, technical consultants dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. Our CrowdStrike Services team offers opportunities to expand your skill set through a wide variety of engagements including front page incident response investigations for organizations you’ll find on the annual Fortune 100 list. A Senior/Principal Consultant in CrowdStrike’s Cloud Incident Response Team would be responsible for assisting our clients in identifying, responding to, and containing attacker activity in their AWS, Azure, and/or GCP environments, as well as improving the team’s incident response capabilities by contributing to and spearheading automation projects.

Are You a Cloud IR Senior/Principal Consultant Candidate?

• Are you interested in and keeping up with the latest Azure, AWS, and GCP vulnerabilities and breaches?
• Are you self-motivated and looking for an opportunity to rapidly accelerate your skills?
• Do you crave new and innovative work that actually matters to your customer?
• Do you have an Incident Response or Information Security background that you’re not fully utilizing?
• Are you capable of operating as an individual contributor and occasionally leading teams and interacting with customers?
• Do you love working around like-minded, smart people who you can learn from and mentor on a daily basis?

What You’ll Do

• Manage projects and perform forensic analysis on incident response engagements involving Azure, AWS, or GCP data
• Manage projects and perform analysis on technical assessments looking for compromise or security misconfigurations in Azure, AWS, or GCP
• Manage projects and deliver adversary simulation (purple team) exercises in Azure, AWS and GCP.
• Produce high-quality written and verbal reports, presentations, recommendations, and findings to key stakeholders including customer management, regulators, and legal counsel.
• Demonstrate industry thought leadership through blog posts, CrowdCasts, and other public speaking events.

What You’ll Need

Successful candidates will have experience in one or more of the following areas:

• Cloud Incident Response: knowledge in AWS, Azure, or GCP incident response methodologies.
• Cloud Operations: familiarity with how modern workloads work in the cloud - DevOps, CICD pipelines, containers, functions, etc. and related security defenses and pitfalls.
• Incident Response: experience supporting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hacktivists.
• In-depth knowledge of Cloud Service Providers Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
• Incident Remediation: strong understanding of targeted attacks and able to create customized tactical and strategic remediation plans for compromised organizations related to major cloud platforms.
• Communications: strong ability