Senior Application Security Engineer

Employment Type: Full-time

Position Overview

CrowdStrike is a global leader in cybersecurity, protecting the people, processes, and technologies that drive modern organizations. Our mission is to stop breaches, and we have redefined modern security with the world's most advanced AI-native platform. We operate at a massive scale, processing trillions of events daily, and our customers span all industries. We foster a culture of flexibility, autonomy, and innovation, seeking individuals with passion and a commitment to our customers, community, and each other.

About The Role

Join CrowdStrike's Product Security team to protect our applications and customers from advanced threats. As a Senior Application Security Engineer, you will identify design and implementation flaws in web applications, assist product engineers in fixing defects, and contribute to shipping secure code. You will be actively involved in defect remediation and play a key role in cross-cutting projects to enhance the security of internal systems and processes.

What You’ll Do

• Act as a security expert and advisor to engineering teams, influencing product design and capabilities.
• Create, maintain, and mature threat models to guide security architecture reviews and minimize threat surface area.
• Perform manual secure code reviews to identify security defects and risks.
• Conduct application security testing throughout the Secure Development Life Cycle (SDLC).
• Collaborate with developers to explain defects, risks, and design weaknesses, and guide them in implementing effective solutions.
• Build and integrate tools and automation to improve efficiency for the security team and engineering partners.
• Manage responses to the bug bounty program, proactively hunt for similar vulnerabilities, and enhance application security.

Note: We are hiring for multiple levels for this role. We encourage you to apply even if you don't meet every single qualification or believe you exceed them.

What You’ll Need

• Self-motivation to identify security defects and collaborate with engineering teams on solutions.
• Deep understanding of software product development in Agile/DevOps environments.
• Experience with threat modeling frameworks, particularly STRIDE.
• Proven experience in manual secure code review for applications developed in Go (Golang), Python, or JavaScript (with an emphasis on browser-side).
• Demonstrable proficiency in hands-on review and testing of API endpoint security.
• Working knowledge of secure configuration for cloud-native and containerized applications across multiple cloud environments (GCP, Azure, AWS).
• Experience using and/or maintaining commercial AppSec tools (SAST, DAST, CSPM, DSPM, ASPM).
• Solid understanding of common software weaknesses impacting cloud and web applications (beyond OWASP Top 10) and demonstrable experience in application penetration testing.
• Proven ability to collaborate effectively across technical teams, including asking questions, challenging assumptions, and providing context for decisions.
• Demonstrable experience developing/maintaining automation for application security tasks and defect identification.

Bonus Points

• Experience working at extremely large scale.
• Comfort with [Specific skills or technologies not listed in the provided text, but would be beneficial].