Threat Detection Engineer

2 Months ago • All levels • Software Development & Engineering

Job Summary

Job Description

The Falcon Cloud Security (FCS) Detection Engineering team at CrowdStrike focuses on stopping breaches by helping customers manage their cloud computing risk posture. They develop and maintain detection rules to assess cloud assets and identify areas for improvement. The team researches cloud security threats and develops detection rules to identify abuses and attacks. This role involves security operations, incident response, data analytics, risk management, software development, and threat research. The job involves researching cloud security issues, developing detection content as code, and collaborating with a diverse team in a fast-paced environment. Responsibilities include translating use cases into code requirements, configuring cloud assets, writing code to search data, bundling code into templates, deploying and testing the code in the product pipeline, and performing ongoing maintenance.
Must have:
  • Experience in cloud security operations and engineering.
  • Experience with data analytics and searching large datasets.
  • Experience with analytics tools such as Elastic Search or Splunk.
  • Practical knowledge of cloud service providers (AWS, Azure, GCP, OCI).
  • Understanding of industry security standards.
  • Experience with software development/CICD workflows.
  • Familiarity with Agile methodology.
  • Experience in DevOps or similar role using Python and GO.
  • Ability to author and run Elastic Search queries.
  • Proficient in English language with strong communication skills.
  • Passion for quality and experience optimizing results.
Good to have:
  • Experience writing detection rules with Rego.
  • Experience in Detection Engineering.
  • Formalized training or certification in cloud computing.
Perks:
  • Remote-friendly and flexible work culture
  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees
  • Employee Resource Groups and volunteer opportunities
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe

Job Details

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day. We have 3.44 PB of RAM deployed across our fleet of C* servers - and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

The Falcon Cloud Security (FCS) Detection Engineering team enables CrowdStrike’s primary mission of Stopping the Breach, through a shift-left approach that focuses on helping customers of cloud computing manage their risk posture. We do this by writing and maintaining detection rules that assess cloud assets to identify risks and opportunities for improvement. We start by using research to define best practices for cloud security, which we translate into detection rules we author and deploy as code into the FCS product ecosystem. In addition to posture management, the Detection Engineering team researches threats to cloud services & assets, and writes detection rules to identify abuses and attacks.

This role combines a blend of skill sets including security operations & incident response, data analytics, risk management, software development, and threat research. If you enjoy researching cloud security issues and developing detection content as code, all in a fast-paced environment with broad collaboration across a diverse team, this role is for you.

What You'll Do:

As a member of the Falcon Cloud Security Detection Engineering team, you will be responsible for performing research into cloud threats, vulnerabilities, and abuses, to determine configuration best practices that can be used to secure cloud services and assets. You will also be responsible for developing and deploying detection rules as code into the FCS product ecosystem along with writing descriptions that customers will use to understand and action alerts generated by these rules.

While this role is being sourced in the EMEA global region, the core of the FCS Detection Engineering team is US-based. This role will honor a working day within local standard business hours for each team member, but will also require regular participation in team meetings and live collaboration with US-based staff. Candidates should expect a variable working window that may shift from starting at 9:00am to 10:00am and end at 6:00pm to 7:00pm.

  • Translating use case descriptions into requirements for new code

  • Configuring cloud assets to match the use case

  • Writing code that searches collected data for attributes matching our use case

  • Bundle the code into a productized template with additional descriptive data

  • Deploy and test the new code in the product pipeline

  • Deploy and validate the new code in production

  • Perform ongoing maintenance / support for our new code

This is mostly software development, although closer to what we call content development in the security world, but done in a SaaS ecosystem.

This is also all done within the context of cloud security, but specifically of cloud governance, risk management, and compliance (GRC).

What You’ll Need:

  • Professional experience in cloud security-related operations and engineering roles, specifically related to threat detection, incident response, and risk management.

  • Experience with data analytics, including searching large data sets, correlating attributes, interpreting results, extracting insights, and forming data-driven conclusions.

  • Experience with searching data with analytics tools including Elastic Search, Splunk, or a SIEM.

  • A working practical knowledge of at least one of the following Cloud Service Providers: AWS, Azure, GCP, OCI.

  • A practical understanding of industry security standards and control frameworks such as NIST, CISA, CIS, HIPAA, HISTRUST, PCI and others.

  • Experience developing, deploying, and maintaining code in formalized software development/CICD workflows including the use of BitBucket to manage code deployments.

  • Familiarity with the Agile methodology for project management.

  • Experience in a DevOps or similar role that required use of Python and GO.

  • Ability to author and run Elastic Search queries and interpret results from large data sets. 

  • Proficient in the English language with strong written and verbal communication skills.

  • A passion for quality and experience optimizing results.

Bonus Points:

  • Experience writing detection rules with the Open Policy Agent query language, Rego.

  • Having served in a role focused on Detection Engineering; writing detection rules used by other teams.

  • Formalized training or certification in cloud computing, including administration, development, engineering, or architecture.


The work:

We develop and insert new code into a SaaS platform by updating configuration files read by custom-built services in a data analytic and presentation ecosystem. The code we deploy into the SaaS platform is designed to read cloud asset configurations, compare them to configuration standards, and generate a “finding” if the asset configuration “fails” one of our checks.

We receive content use cases in the form of loosely described requirements, or a configuration scenario or best practice. We then create cloud assets and configure them to match the described scenario. Then we capture the data that is generated in our SaaS pipeline from our cloud assets and we use it to author a content rule that checks other cloud assets for that same configuration state. We deploy these into the product ecosystem through CI/CD processes as templates with additional meta data that describes the scenario to customers of the platform.

#LI-MZ1

Benefits of Working at CrowdStrike:

  • Remote-friendly and flexible work culture

  • Market leader in compensation and equity awards

  • Comprehensive physical and mental wellness programs

  • Competitive vacation and holidays for recharge

  • Paid parental and adoption leaves

  • Professional development opportunities for all employees regardless of level or role

  • Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.

Similar Jobs

Open Systems Technologies - Solutions Consultant

Open Systems Technologies

Nashville, Tennessee, United States (On-Site)
1 Week ago
USE Insider - Account Director

USE Insider

Bangkok, Thailand (Hybrid)
1 Month ago
Sailpoint - Digital Sales Representative

Sailpoint

Madrid, Community Of Madrid, Spain (Hybrid)
2 Months ago
Nice - Engineering Team Lead

Nice

Prague, Prague, Czechia (Hybrid)
3 Weeks ago
EMA - Solutions Architect

EMA

Bengaluru, Karnataka, India (On-Site)
3 Months ago
Grammarly - Engineering Manager, Growth

Grammarly

Berlin, Berlin, Germany (Hybrid)
2 Weeks ago
AECOM - Highway Engineering Technical Lead

AECOM

Wilmington, Delaware, United States (Hybrid)
1 Month ago
Zeeco, Inc. - Process Engineer

Zeeco, Inc.

Lissone, Lombardy, Italy (On-Site)
8 Months ago
Apple - Tooling Engineer - Plastics

Apple

Cupertino, California, United States (On-Site)
1 Month ago
Apple - TouchID Sensor Design and Integration Electrical Engineer

Apple

Cupertino, California, United States (On-Site)
3 Weeks ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

USE Insider - Senior Machine Learning Engineer (Generative AI)

USE Insider

Istanbul, İstanbul, Türkiye (Remote)
5 Months ago
DevRev - Revenue: Account Executive

DevRev

Mumbai, Maharashtra, India (On-Site)
3 Months ago
Simcorp - Senior DevOps Engineer

Simcorp

Mexico City, Mexico (Hybrid)
3 Months ago
Glean - Data Science, Product

Glean

Palo Alto, California, United States (On-Site)
8 Months ago
Paytm - Product Management - Director Product - Risk Product

Paytm

Bengaluru, Karnataka, India (On-Site)
7 Months ago
Glean - Product Management Lead

Glean

Palo Alto, California, United States (Hybrid)
2 Months ago
Rippling - Account Executive - SMB - West

Rippling

San Francisco, California, United States (On-Site)
1 Year ago
Rippling - Implementation Specialist, Platform

Rippling

United States (Remote)
2 Months ago
Banyan Software - Senior Project Manager

Banyan Software

United States (On-Site)
3 Weeks ago
Enverus - Accounts Payable Specialist

Enverus

Bengaluru, Karnataka, India (Remote)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Tel Aviv-Yafo, Tel Aviv District, Israel

Varonis  - Frontend Angular Engineer - AI Security

Varonis

Herzliya, Tel Aviv District, Israel (Hybrid)
4 Months ago
Playtika - Loyalty Manager

Playtika

Israel (On-Site)
7 Months ago
Nice - Software Engineering Student

Nice

Ra'anana, Center District, Israel (Hybrid)
3 Weeks ago
NVIDIA - Senior Networking Security Research Architect

NVIDIA

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
5 Months ago
Unity - Project Manager

Unity

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
1 Month ago
Salesforce - Lead Software Engineer - Infra Team

Salesforce

Tel Aviv-Yafo, Tel Aviv District, Israel (Remote)
2 Weeks ago
Playtika - Technical Product Manager

Playtika

Israel (On-Site)
7 Months ago
NVIDIA - Senior Software Architect, Accelerated Computing SDN

NVIDIA

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
5 Months ago
plarium - Marketing Analytics Director

plarium

Herzliya, Tel Aviv District, Israel (Hybrid)
1 Month ago
Playtika - Marketing Creative Manager

Playtika

Israel (On-Site)
4 Months ago

Get notifed when new similar jobs are uploaded

Software Development & Engineering Jobs

Apple - Silicon Photonics Design & Packaging Engineer

Apple

Santa Clara, California, United States (On-Site)
1 Month ago
Alpha Sense - Senior Software Engineer

Alpha Sense

Helsinki, Uusimaa, Finland (Hybrid)
2 Months ago
WaveApps - Manager, Engineering

WaveApps

Canada (Remote)
3 Weeks ago
Marvell - Principal Design Engineer

Marvell

Santa Clara, California, United States (On-Site)
1 Year ago
Clearwater Analytics - Software Development Manager

Clearwater Analytics

Chicago, Illinois, United States (On-Site)
3 Weeks ago
BetterMe - Junior Shopify Engineer

BetterMe

Kyiv, Kyiv City, Ukraine (Remote)
1 Month ago
Global Business Travel - Software Development Engineer III

Global Business Travel

Gurugram, Haryana, India (On-Site)
1 Year ago
Apple - Analog IC Design Engineer

Apple

Cupertino, California, United States (On-Site)
2 Months ago
Saviynt - Senior Technical Support Engineer

Saviynt

Bengaluru, Karnataka, India (Hybrid)
1 Month ago
Highspot - Senior Software Development Engineer

Highspot

Hyderabad, Telangana, India (Hybrid)
2 Weeks ago

Get notifed when new similar jobs are uploaded

About The Company

CrowdStrike was founded in 2011 to fix a fundamental problem: The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defenses. Founder George Kurtz realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware. There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.
View All Jobs

Get notified when new jobs are added by Crowd Strick