Job Description

Employment Type: Full time

Position Overview

CrowdStrike is a global leader in cybersecurity, protecting the people, processes, and technologies that drive modern organizations. Our mission is to stop breaches, and we have redefined modern security with the world's most advanced AI-native platform. We operate on large-scale distributed systems, processing almost 3 trillion events per day, with traffic that is growing daily. Our customers span all industries, relying on CrowdStrike to keep their businesses running, their communities safe, and their lives moving forward. We are a mission-driven company that cultivates a culture providing flexibility and autonomy for employees to own their careers. We are seeking talented individuals with limitless passion, a relentless focus on innovation, and a fanatical commitment to our customers, community, and each other. The future of cybersecurity starts with you.

About the Role

Our team is expanding, and we are looking for capable security professionals to delve into our endpoint products. Your role will involve identifying design and implementation flaws, and assisting our product engineers in fixing problems and shipping secure code. If you enjoy dissecting Windows, Linux, or Mac applications to understand their functionality and uncover security vulnerabilities, and if you want to actively participate in fixing flaws rather than just reporting them, we encourage you to apply.

What You’ll Do

• Join project teams focused on product improvements and new product development as a security expert and advisor, influencing the design and capabilities of our endpoint protection products, with a specific focus on endpoint sensors.
• Create and update threat models to guide security decisions.
• Read and review source code for applications to identify security flaws and vulnerabilities, utilizing provided tools and going beyond their capabilities.
• Think like a hacker and attack endpoint applications, including kernel components, primarily before they reach production, leveraging tools but also performing tasks beyond their scope.
• Collaborate with developers to help them understand problems, risks, and design weaknesses, and to devise effective solutions.
• Build small tools and automation to enhance personal, team, and developer efficiency.
• Validate and replicate certain types of bug bounty reports, and actively hunt for similar issues in affected applications.

We are hiring for this role at multiple levels. We encourage you to apply even if you believe you don't meet all the requirements or if you possess more extensive skills.

What You’ll Need

• Experience programming in or assessing the security of C/C++ applications for Android, iOS, Linux, or Mac.
• Understanding of system internals and security features for Android, iOS, Linux, or Mac.
• Familiarity with concurrency considerations in multi-threaded applications.
• Understanding of the security implications of containerization and virtualization.
• A working understanding of how software products are created and shipped in Agile/DevOps-like environments, sufficient to foster positive working relationships with product engineers. (Software product development experience is a significant plus, but not a requirement).
• A solid understanding of common software weaknesses impacting endpoint and client/server applications, enabling you to identify them and assist product engineers in understanding and fixing them.
• Comfort collaborating across technical teams, including asking technical questions, challenging assumptions, and providing or obtaining context for decisions.

Bonus Points

These skills are not required, and we are willing to provide training, but they are considered helpful:

• C/C++ programming/review experience.
• Experience with debuggers such as Ghidra, IDA Pro, or similar tools.
• Experience developing/maintaining automation for application security tasks.
• Experience developing and using threat models, especially using STRIDE.
• Application pe...