Engineer III - Threat Detection - New York (Hybrid) at CrowdStrike, Inc. – New York, New York

CrowdStrike, Inc.

Full time

R28128

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

The CrowdStrike Next-Generation Security Information and Event Management (NG SIEM) Detection Content team is seeking an experienced and passionate professional to analyze threat actor tactics ranging from prevalent to the most obscure, and to drive efforts to mitigate them by implementing robust coverage. The team is focused on improving detection & response capability and efficacy for the Falcon NG SIEM platform through tactical analysis of ongoing attacks by criminal and nation state actors impacting our customer base. If you have demonstrable proficiency in using traditional SIEM systems, Security Orchestration, Automation and Response (SOAR) tools and real-world experience dealing with advanced threat actors (nation-state, criminal, hacktivist or other), we have a role for you!

What You’ll Do:

The role requires independent work as well as the ability to work in a team environment. In this role, you will be expected to be a Subject Matter Expert (SME), to analyze large data sets and to be able to emulate threat actor tactics to write effective and efficient threat detection rules along with an “automation-first” mindset to build SOAR playbooks that can help operationalize response at scale. You will be expected to mentor other team members, and to actively participate in knowledge transfers both internal and external to the team. In addition, this role will require you to take initiative to identify and solve important issues facing our customers. Ultimately, you will work alongside the leaders within the team to set the technical direction and influence decision making that would have a direct impact on the product.

The role will be in a cutting-edge threat detection engineering team regularly facing off against sophisticated malicious techniques and cyber criminals. We would like to hear from you if:

• You have a passion for stopping criminals and making this a safer cyber world

• You are capable and comfortable communicating information to both technical and executive-level stakeholders

• You have a deep understanding of security workflows and can build automation and response logic that aligns with customer operations.

• You have a deep understanding of the threat landscape and are experienced in applying that knowledge to identify trends to anticipate shifts in tactic, technique and procedures (TTPs) to implement emulations and engineer detection solutions

• You are comfortable assessing cyber threat intelligence, open source intelligence or partner reporting

• You have working knowledge of programming and scripting languages, in particular Python or Go

• You have experience emulating threat actor TTPs to drive detection content development

• You have experience in a security operations center or similar environment tracking threat actors and responding to incidents

• You have experience building SOAR playbooks that automate triage, enrichment, containment and escalation actions.

• You have experience analyzing telemetry and customer feedback to improve detection efficacy and response outcomes

• You are looking for a dynamic, fast-paced and challenging role in an unconventional team environment

• You have experience with one or more SIEM/SOAR products (Splunk, PAN XSOAR, Google SecOps, Elastic Stack, etc.)

What You’ll Need:

• Bachelor’s degree in information security, computer science or more than 5 years of equivalent work experience

• Demonstrated ability to convey technical concepts to audiences with varying technical prowess

• Willingness to teach and mentor others on the team

Bonus Points:

• Contributions to the open source community (GitHub, Stack Overflow, blogging)

• Published research papers at conferences or through other mediums (blogs, articles)

#LI-DR1

#HTF

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs

• Competitive vacation and holidays for recharge

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $140,000 - $215,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.

For detailed information about the U.S. benefits package, please click here.