Sr. Engineer - Threat Detection (Hybrid)

As a global leader in cybersecurity CrowdStrike protects the people processes and technologies that drive modern organizations. Since 2011 our mission hasn’t changed — we’re here to stop breaches and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries and they count on CrowdStrike to keep their businesses running their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion a relentless focus on innovation and a fanatical commitment to our customers our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

The Falcon Cloud Security (FCS) Detection Engineering team enables CrowdStrike’s primary mission of Stopping the Breach through a shift-left approach that focuses on helping customers of cloud computing manage their risk posture. We do this by writing and maintaining detection rules that assess cloud assets to identify risks and opportunities for improvement. We start by using research to define best practices for cloud security which we translate into detection rules we author and deploy as code into the FCS product ecosystem. In addition to posture management the Detection Engineering team researches threats to cloud services & assets and writes detection rules to identify abuses and attacks.

This role combines a blend of skill sets including security operations & incident response data analytics risk management software development and threat research. If you enjoy researching cloud security issues and developing detection content as code all in a fast-paced environment with broad collaboration across a team this role is for you.

As a member of the Falcon Cloud Security Detection Engineering team you will be responsible for performing research into cloud threats vulnerabilities and abuses to determine configuration best practices that can be used to secure cloud services and assets. You will also be responsible for developing and deploying detection rules as code into the FCS product ecosystem along with writing descriptions that customers will use to understand and action alerts generated by these rules.

Location: New York City (Hybrid)

This role is hybrid requiring 2-3 days per week on-site in our New York City office once the development center is established.

What You’ll Need:

• United States Citizenship OR Permanent Residency is necessary to retain access to resources for this role (NO Clearance necessary)

• Professional experience in cloud security-related operations and engineering roles specifically related to threat detection incident response and risk management.

• Experience with data analytics including searching large data sets correlating attributes interpreting results extracting insights and forming data-driven conclusions.

• Experience with searching data with analytics tools including Elastic Search Splunk or a SIEM.

• A working practical knowledge of at least one of the following Cloud Service Providers: AWS Azure GCP OCI.

• A practical understanding of industry security standards and control frameworks such as NIST CISA CIS HIPAA HISTRUST PCI and others.

• Experience developing deploying and maintaining code in formalized software development/CICD workflows including the use of BitBucket to manage code deployments.

• Familiarity with the Agile methodology for project management.

• Experience in a DevOps or similar role that required use of Python and GO.

• Ability to author and run Elastic Search queries and interpret results from large data sets. 

• Proficient in the English language with strong written and verbal communication skills.

• A passion for quality and experience optimizing results.

Bonus Points:

• Experience writing detection rules with the Open Policy Agent query language Rego.

• Having served in a role focused on Detection Engineering; writing detection rules used by other teams.

• Formalized training or certification in cloud computing including administration development engineering or architecture.

#LI-DR1

#LI-Hybrid

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks geographic neighborhood groups and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race color creed ethnicity religion sex (including pregnancy or pregnancy-related medical conditions) sexual orientation gender identity marital or family status veteran status age national origin ancestry physical disability (including HIV and AIDS) mental disability medical condition genetic information membership or activity in a local human rights commission status with regard to public assistance or any other characteristic protected by law. We base all employment decisions--including recruitment selection training compensation benefits discipline promotions transfers lay-offs return from lay-off terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation please contact us at [email protected] for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

For detailed information about the U.S. benefits package please click here. 

What We Do

CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people processes and technologies that drive modern enterprise. Tested and proven the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company we believe cultivating a connected culture for every employee no matter where they are in the world is a key ingredient in building a high-performing diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?

Why Work With Us

We have a culture that celebrates achievement encourages flexibility and innovation and thrives on teamwork. We all work towards a single mission: to stop breaches. This common goal drives a sense of community and connection among our people across the globe.

Gallery