Penetration Test Engineer

2 Hours ago • 2 Years +

Job Summary

Job Description

As a Penetration Test Engineer at CrowdStrike, you will be responsible for developmental and operational penetration testing for products and online properties. This includes performing comprehensive assessments, managing the lifecycle of findings, working with various business units, and advocating for security best practices. The role requires expertise in manual and automated web application penetration testing, knowledge of network protocols, and the ability to work in a complex distributed environment. You will be expected to identify vulnerabilities, drive their remediation, and ensure the organization's security posture is maintained. You will be working remotely with teammates across the organization and maintain healthy working relationships.
Must have:
  • Expertise in manual and automated web application penetration testing.
  • Knowledge of server and client operating systems.
  • Understanding of networking, cryptography, web applications, databases, and wireless technologies.
  • Ability to prioritize and drive findings to remediation.
  • Experience with Mac, Windows, Linux, or Unix-like variants.
  • Understanding of TCP, UDP, HTTP, IP, and other network protocols.
  • Ability to triage vulnerabilities using CVSS calculators.
  • Ability to work independently.
  • Proactive problem-solving attitude.
  • Up-to-date knowledge of current vulnerabilities.
  • Ability to automate and script tasks using a preferred language.
  • Ability to work remotely with teammates.
Good to have:
  • Familiarity with the OWASP Top 10 list.
  • Experience working with cloud technologies.
  • Familiarity with threat actor tools, techniques, and procedures (TTPs).
  • Experience executing email phishing campaigns.
  • Ability to utilize and write scripts against common web APIs.
  • Knowledge of cloud platforms and concurrent systems.
  • Knowledge of build pipelines and CI tools.
  • Clear and efficient communication skills.
  • Ability to create slide decks.
  • Technical security certifications or academic background.
  • CVEs or bug bounty rewards.
  • Documented CTF write-ups or victories.
  • Hacker or professional group affiliations.
Perks:
  • Remote-friendly and flexible work culture
  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities
  • Employee Resource Groups, geographic neighborhood groups and volunteer opportunities
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe

Job Details

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.

This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercially available, open source, and personally built tools. A solid understanding of network protocols, server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the company while working in a complex distributed environment.

What You'll Do:

  • Perform comprehensive penetration testing assessments across the organization.

  • Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.

  • Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.

  • Examine systems and applications to assess the current security posture.

  • Manage penetration testing related tickets to ensure issues are remediated within proper timelines.

  • Advocate for security best practices across the organization.

What You'll Need:

  • Advanced knowledge of server and client operating systems.

  • Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.

  • Ability to prioritize impactful findings and drive these items to remediation.

  • Experience working with Mac, Windows, Linux and/or other Unix-like variants.

  • Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.

  • A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.

  • Possess the ability to work independently.

  • Proactive go-getter attitude to solve challenging problems.

  • Stays up to date with current vulnerabilities and vulnerability related news in various industries.

  • Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH).

  • The ability to work remotely with teammates across the organization and maintain healthy working relationships.

Bonus Points:

  • Familiarity with the OWASP Top 10 list

  • Experience working with cloud technologies (AWS, GCP, Azure, Kubernetes or docker), infrastructure as code tools (e.g., Terraform, Ansible), and/or container technologies

  • Familiarity with common threat actor tools, techniques, and procedures (TTPs), attack kill chains, and security control evasion.

  • Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.

  • Ability to utilize and write scripts against common web APIs (REST, SOAP).

  • Knowledge of cloud platforms and highly concurrent systems.

  • Knowledge of build pipelines and CI tools.

  • You’re a clear thinker and efficient communicator (i.e. written and verbal).

  • Ability to create elegant looking slide decks.

  • Technical security certifications or academic background are a plus.

  • CVEs or bug bounty rewards.

  • Documented CTF write-ups or victories.

  • Hacker or professional group affiliations.

#LI-EV1

#LI-Remote

Benefits of Working at CrowdStrike:

  • Remote-friendly and flexible work culture

  • Market leader in compensation and equity awards

  • Comprehensive physical and mental wellness programs

  • Competitive vacation and holidays for recharge

  • Paid parental and adoption leaves

  • Professional development opportunities for all employees regardless of level or role

  • Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.

Similar Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Skill Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Jobs in Romania

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

CrowdStrike was founded in 2011 to fix a fundamental problem: The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defenses. Founder George Kurtz realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware. There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.

United Kingdom (Remote)

Romania (Remote)

Pune, Maharashtra, India (On-Site)

Delhi, India (On-Site)

United States (Remote)

Canada (Remote)

View All Jobs

Get notified when new jobs are added by Crowd Strick