Senior Cloud Security Researcher
Red CanaryFull Time
Senior (5 to 8 years)
Candidates should possess 2-3 years of experience in a threat intelligence environment or cloud-focused incident response. A strong motivation and experience in the cyber threat intelligence field, particularly in researching and reporting on cloud incidents in AWS, Azure, or GCP, as well as adversary behavior, are essential. Experience analyzing API logs from at least one of the major cloud service providers (AWS, Azure, or GCP), a basic understanding of cloud identity and access management (IAM) concepts, and knowledge of identity initial access and BEC techniques including AitM and password spraying are required. The ability to identify and track adversary tradecraft trends and produce quality finished intelligence products is also necessary.
The Sr. Intelligence Analyst will identify threats, trends, and new developments in the cloud threat landscape by analyzing raw intelligence and data, including querying Logscale and analyzing raw cloud logs like CloudTrail and Azure related logs. Responsibilities include researching new techniques for clustering and tracking cloud-conscious threat actors, identifying and monitoring the Tactics, Techniques, and Procedures (TTPs) employed by cyber threat actors that compromise cloud environments, and applying analytic tradecraft to gathered intelligence. The analyst will provide and assist with finished intelligence analysis through written reporting on short deadlines with minimal supervision, collaborate across teams to inform various functions within CrowdStrike Intelligence about activity of interest, and coordinate adversary/campaign tracking. Additionally, they will identify intelligence gaps, submit requests for information to fill these gaps, and conduct briefings as needed for various customer levels.
Cloud-native endpoint security solutions provider
CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.