Windows Vulnerability Analysis Engineer (Remote)

  • Engineering
  • IT Hardware
  • IT Software
  • Job type: full-time
    Job level: 1 - 5 years of experience
  • Brasov
  • Timisoara
  • Updated at: 07.12.2021

    At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a future-proof manner. Because of that we’ve earned numerous honors and top rankings for our technology, organization and talent. Our culture was purpose-built to be remote first, and we offer flexible work arrangements to help our people manage their personal and professional lives in a way that works for them. If you’re ready to work on unrivaled technology with a team that makes a difference every day, let’s talk.

    About the role:

    CrowdStrike is looking for a Software Engineer to join our growing Endpoint Protection Content Development (EPPC) team, which focuses on security-related endpoint development on Windows, macOS, and Linux.

    The Endpoint Protection Content Development (EPPC) team is a central part of CrowdStrike’s mission - “We Stop Breaches.” In EPPC, we implement strategies and processes that detect and prevent suspicious or malicious behavior. Our goal is to automatically stop the bad guys where possible, and to provide useful visibility and guidance to security analysts when new, previously unknown adversarial activity occurs. We research attacker behavior to understand their tools and techniques, and we build capabilities to detect and prevent malicious activity. Our detection strategies are often performed directly on the endpoint, but are also executed in the cloud and may utilize a hybrid strategy combining aspects of both environments. This ability to leverage a variety of tools across the CrowdStrike stack allows us to accomplish our detection goals while balancing local resource utilization and false positives for our customers.

    As a software engineer within the EPPC team, you will be focused on the analysis and development of detections for Windows-based exploitation techniques across supported Windows versions. You’ll work collaboratively to implement these detections within the Falcon sensor, which is a lightweight agent that observes system activity, recognizes malicious behavior, provides on-box prevention capability, and sends relevant security-related data and telemetry to the Falcon cloud. We're looking for smart people who want to be challenged and take ownership of what they build.

    In this role you will:

    • Analyze, reproduce, and verify critical Windows CVEs with a focus on identifying possible detection logic.

    • Design and build detection logic and systems leveraged across teams within CrowdStrike to detect cyber attackers and stop breaches.

    • Extend our existing codebase and test suites utilizing C/C++, Python, and other tools as appropriate.

    • Brainstorm, define, and build collaboratively across multiple teams.

    • Be passionate about learning, and champion the newest technologies & tricks with others, raising the technical IQ of the team.

    • Deliver and accept feedback with grace and courtesy.

    • Leverage your understanding of engineering best practices, including topics like secure coding, testing paradigms, effective peer code reviews, logging, and resilient architecture patterns, to ensure that our code is clean.

    • Be an energetic ‘self-starter’ with the ability to take ownership and be accountable for deliverables, both individually and when leading a team.

    Key Qualifications:

    • 3+ years of experience with either:

      • Reverse engineering, threat detection, and vulnerability analysis; and an interest in on-device development, or

      • Designing, building, and delivering high-quality software in C/C++ on Windows with an interest in security.

    • Low-level OS knowledge of Windows operating system internals, components, APIs, and design.

    • Team player – able to communicate, collaborate, and work effectively in a globally distributed team.

    Preferred Qualifications:

    • Prior security experience, particularly in exploit and vulnerability analysis.

    • Prior experience working with kernel-mode and multi-threaded concurrent systems development on Windows platforms, with an interest in growing skills in all of them.

    • Prior development or testing experience with Python.

    • Prior experience delivering software via agile processes.




    Benefits of Working at CrowdStrike:

    • Flexible work hours and remote friendly environment

    • Market leader in compensation and equity awards

    • Comprehensive health benefits

    • Wellness programs

    • Peer recognition

    • A variety of professional development and mentorship opportunities

    • Inclusive culture focused on people, customers and innovation

    • Working with the latest technologies

    • Open offices have stocked kitchens, coffee, soda and treats

    • Regular team activities, including happy hours and community service events

    We are committed to building an inclusive culture of belonging that not only embraces the diversity of our people but also reflects the diversity of the communities in which we work and the customers we serve. We know that the happiest and highest performing teams include people with diverse perspectives that encourage new ways of solving problems, so we strive to attract and develop talent from all backgrounds and create workplaces where everyone feels seen, heard and empowered to bring their full, authentic selves to work.

    CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

    By applying to this job ad, you give your consent for your information to be processed by CROWDSTRIKE.