Sr. Software Engineer - Windows Content Research & Integration

About the Role:

CrowdStrike is looking for a Senior Software Engineer to join our growing Content Research and Integration team within the EndPoint Protection Content group which focuses on security related endpoint development on the Windows macOS and Linux platforms.

The Endpoint Protection Content group plays a central role in fulfilling CrowdStrike’s mission to Stop Breaches . Within the Content Research and Integration team (CRI) we develop innovative capabilities to detect suspicious or malicious behavior on customer endpoint devices. Our goal is to enable the sensor to autonomously identify and stop the bad guys where possible and to provide useful visibility and guidance to security analysts when new previously unknown adversary activity occurs. We research attacker behavior to understand their tools and techniques and we build the capabilities to detect and prevent their malicious activity. Our detection strategies are primarily performed directly on the endpoint but can also execute in the cloud and may also utilize a hybrid approach combining aspects of both environments.  This ability to leverage a variety of tools across the CrowdStrike stack allow us to accomplish our detection goals while balancing local resource utilization and false positives for our customers.

As a sensor engineer within the CRI Windows team you will be focused on the research and development of sensor capabilities to provide visibility and detection support for attack techniques across supported Windows OS versions. You’ll work collaboratively to implement detection logic within the Falcon sensor which includes both user-mode and kernel-mode components that together observe system activity recognize malicious behavior provide on-box prevention and remediation capabilities and send relevant security related telemetry to the Falcon Cloud. You’ll help find creative and resourceful ways to detect Windows specific threats while also helping to develop cross platform features that leverage telemetry from common OS subsystems such as file system memory process and network activity. You’ll get exposure to both user-mode and kernel-mode coding practices.

As a Senior Engineer you’ll function as a key resource and subject matter expert for other engineers within the team and across the group.  You’ll collaborate with various other teams as you drive your own initiatives and assist with other projects. You’ll be expected to make significant contributions from the initial concept phase through design implementation release and bugtail/support. We're looking for smart people who want to be challenged and take ownership of what they build.

What You'll Do:

• Design and build detection logic and systems leveraged across teams within CrowdStrike to detect cyber attackers and stop breaches.

• Extend our existing codebase and test suites utilizing C++ Python and other tools as appropriate.

• Brainstorm define and build collaboratively across multiple teams.

• Build elegant robust and reliable solutions for complex technical problems.

• Obsess about learning and champion the newest technologies & tricks with others raising the technical IQ of the team.

• Deliver and accept feedback with grace and courtesy.

• Troubleshoot issues within the product when necessary assisting customer support.

• Leverage your understanding of engineering best practices including topics like secure coding testing paradigms effective peer code reviews logging and resilient architecture patterns to ensure that our code is clean.

• Be an energetic ‘self-starter’ who is empowered to take ownership and be accountable for deliverables both individually and when leading a team.

What You'll Need:

• 5+ years of experience designing building and delivering high-quality software in C/C++ with at least 2 years in security and/or kernel mode programming.

• Low-level OS knowledge of Windows operating system internals components APIs and design.

• Team player – able to lead mentor communicate collaborate and work effectively in a globally distributed team.

Preferred Qualifications:

• Prior security experience particularly in exploit and vulnerability analysis.

• Prior experience working with low-level code such as OS kernel firmware or device drivers.

• Understanding of kernel-mode and multi-threaded concurrent systems development in any of our supported platforms with an interest to grow skills in all of them.

• Prior development or testing experience with python.

• Prior experience delivering software via agile processes.