Crowdstrike

Sr. Application Security Engineer - Product Security (Remote)

United States

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, Biotechnology, SoftwareIndustries

Senior Application Security Engineer

Employment Type: Full-time

Position Overview

CrowdStrike is a global leader in cybersecurity, protecting the people, processes, and technologies that drive modern organizations. Our mission is to stop breaches, and we have redefined modern security with the world's most advanced AI-native platform. We operate at a massive scale, processing trillions of events daily, and our customers span all industries. We foster a culture of flexibility, autonomy, and innovation, seeking individuals with passion and a commitment to our customers, community, and each other.

About The Role

Join CrowdStrike's Product Security team to protect our applications and customers from advanced threats. As a Senior Application Security Engineer, you will identify design and implementation flaws in web applications, assist product engineers in fixing defects, and contribute to shipping secure code. You will be actively involved in defect remediation and play a key role in cross-cutting projects to enhance the security of internal systems and processes.

What You’ll Do

  • Act as a security expert and advisor to engineering teams, influencing product design and capabilities.
  • Create, maintain, and mature threat models to guide security architecture reviews and minimize threat surface area.
  • Perform manual secure code reviews to identify security defects and risks.
  • Conduct application security testing throughout the Secure Development Life Cycle (SDLC).
  • Collaborate with developers to explain defects, risks, and design weaknesses, and guide them in implementing effective solutions.
  • Build and integrate tools and automation to improve efficiency for the security team and engineering partners.
  • Manage responses to the bug bounty program, proactively hunt for similar vulnerabilities, and enhance application security.

Note: We are hiring for multiple levels for this role. We encourage you to apply even if you don't meet every single qualification or believe you exceed them.

What You’ll Need

  • Self-motivation to identify security defects and collaborate with engineering teams on solutions.
  • Deep understanding of software product development in Agile/DevOps environments.
  • Experience with threat modeling frameworks, particularly STRIDE.
  • Proven experience in manual secure code review for applications developed in Go (Golang), Python, or JavaScript (with an emphasis on browser-side).
  • Demonstrable proficiency in hands-on review and testing of API endpoint security.
  • Working knowledge of secure configuration for cloud-native and containerized applications across multiple cloud environments (GCP, Azure, AWS).
  • Experience using and/or maintaining commercial AppSec tools (SAST, DAST, CSPM, DSPM, ASPM).
  • Solid understanding of common software weaknesses impacting cloud and web applications (beyond OWASP Top 10) and demonstrable experience in application penetration testing.
  • Proven ability to collaborate effectively across technical teams, including asking questions, challenging assumptions, and providing context for decisions.
  • Demonstrable experience developing/maintaining automation for application security tasks and defect identification.

Bonus Points

  • Experience working at extremely large scale.
  • Comfort with [Specific skills or technologies not listed in the provided text, but would be beneficial].

Skills

Application Security
Product Security
Threat Modeling
Security Architecture
Web Applications
Secure Code
AI-native platform
Cybersecurity
Distributed Systems

Crowdstrike

Cloud-native endpoint security solutions provider

About Crowdstrike

CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.

Austin, TexasHeadquarters
2011Year Founded
$468MTotal Funding
IPOCompany Stage
Enterprise Software, CybersecurityIndustries
5,001-10,000Employees

Benefits

Competitive Employee Stock Purchase Plan
Remote-friendly culture
Market leader in compensation and equity awards
Competitive vacation and flexible working arrangements
Comprehensive health benefits + 401k plan
Paid Parental Leave, including adoption
Wellness programs
Professional development and mentorship opportunities
Open offices have stocked kitchens, coffee, soda and treats

Risks

Increased competition from companies like Lumos could challenge CrowdStrike's market share.
Recovery from last year's outage may still affect customer trust and future sales.
Pressure to demonstrate ROI by 2025 could challenge CrowdStrike's financial transparency.

Differentiation

CrowdStrike's Falcon platform offers cloud-native endpoint security solutions, a key differentiator.
The company serves 44 of the Fortune 100, showcasing its strong market presence.
CrowdStrike's proactive threat hunting sets it apart in cybersecurity threat detection.

Upsides

Partnership with SonicWall opens new SMB market segment for CrowdStrike.
Recognition as a leader in ransomware prevention boosts CrowdStrike's market credibility.
Gamified learning initiatives help address cybersecurity skills gap, benefiting future talent pipeline.

Land your dream remote job 3x faster with AI