CrowdStrike is a global leader in cybersecurity dedicated to stopping breaches with advanced AI-native platforms. The Sr. Engineer, Product Security will work on improving endpoint products by identifying security flaws and collaborating with product engineers to enhance security measures.
Responsibilities:
- Join project teams working on product improvements and new products as a security expert and advisor, influencing the design and capabilities of our world-class endpoint protection products, with a focus on the endpoint sensors
- Create and update threat models to help drive security decisions
- Read and review source code for applications, looking for security flaws and vulnerabilities; you’ll have tools to help you but you’ll be digging deeper than tools can
- Think like a hacker and attack endpoint applications with kernel components, mostly before they go to production; again, you’ll have tools to help you, but you’ll do more than tools can
- Work with developers to help them understand problems, risks, design weaknesses, etc. and figure out good solutions
- Build small tools and automation to make your life/your team’s life/developers’ lives easier
- Validate and replicate some kinds of bug bounty reports, and hunt for similar issues in affected applications
Requirements:
- Experience programming in or assessing security of C/C++ apps for Windows, Linux or Mac
- Understanding of system internals and security features for Windows, Linux or Mac
- Comfort with concurrency considerations in multi-threaded applications
- Understand the security implications of containerization and virtualization
- A working understanding of how software products are created and shipped in Agile/DevOps-like environments – enough to have a positive working relationship with product engineers (software product development experience is a huge plus, but not a requirement)
- A solid understanding of common software weaknesses that impact endpoint and client/server applications; you'll be hunting for these, so you need to know them when you see them and be able to help product engineers understand and fix them
- Comfort with collaborating across technical teams: asking technical questions, challenging assumptions, getting or providing context for decisions, etc.
- C/C++ & Go programming
- Experience with debuggers like Ghidra, IDA Pro, or other similar tools
- Experience developing/maintaining automation for application security tasks
- Experience developing and using threat models, especially using STRIDE
- Application penetration testing experience, especially if it includes testing against install packages and control bypass methods
- Reverse-engineering or malware analysis, or related security research capabilities