Sr. Threat Researcher (Remote) at CrowdStrike, Inc. in Sunnyvale, California
Posted in Other 7 days ago.
Job Description:
CrowdStrike, Inc.Full time
R22632
About the Team:
The CrowdStrike Malware Research Center is the core of Falcon’s malware detection and response capabilities. The team has a focus on understanding the threat landscape and sets the target for what Falcon should be identifying and preventing. Additionally, the MRC is responsible for understanding our capabilities, and mapping how well our machine learning and behavioral protection capabilities are doing against those threats. Where there is a gap, the MRC takes action to improve our detection stance, and improve our overall protection story. MRC also performs pathfinding research to enable technology development using innovation, prototyping and bleeding edge machine learning to support our flagship Falcon product. There are many parts of CrowdStrike working towards protecting customer environments, and the MRC works across all of them to ensure we are on target and providing the best protection for our current Threat landscape.
About the Role:
Leading the charge for understanding the activity of malware today is the Threat Research team. With a focus on malware research, the primary role of the team is to understand relevant threats and techniques used in malware that are threatening our customer’s business. The challenge is the enormous scale of malware today and sheer number of samples required to be addressed. This takes a more creative approach than traditional Anti-Virus research, focusing on one sample at a time. The modern threat lab requires an economy of scale through automation and machine learning to allow people to focus on new learnings, and let systems continue to identify malware based on what the team has learned.
What You'll Do:
The Threat Analyst will take input from many sources and validate if those threats are something Falcon can mount an effective defense against. The analysis can range from simple execution and review of the behaviors to reverse engineering. As Falcon is first a behavior based system, understanding how the threat is working and what it is doing to interact with the host environment can be important. The Threat Analyst will be expected to use the appropriate technique to efficiently understand the threat to identify how to best mitigate it.
Additionally, this role will be looked on as the go to person when new threats are reported for understanding those threats and formulating an opinion on how we should be thinking about the threat. Leaning on a proven track record of threat analysis, the successful candidate will be comfortable working to focus on the appropriate threats and clearly communicating key technical details of those threats.
As the gateway to the response organization for many new threats, good cross team collaboration skills are important. Clear, effective communication of technical details in a means which is actionable is the key to success.
Another aspect of the position is working with the engineering team to define automation improvements and process automation to reduce time and manual effort in the analysis of threats. Like communicating the threat details, prioritizing automation tasks and features will help define success of the role. Being able to understand the bigger picture of threat analysis and convey that to the engineering team which may not be familiar with the process will be required. The team will look to the successful candidate to help define and prioritize the roadmap for analysis automation. These are the tools and systems which will ultimately automate manual data collection so more time can be spent on understanding the threat.
What You'll Need:
6+ years’ experience in the threat research field with a focus on malware analysis with experience in cloud threat actor tradecraft
A proven background in reverse engineering and disassembly on file-based threats, exploits, and other attack techniques
Experience with AWS tradecraft, adversary use of Infrastructure as a Service (IaaS), Infrastructure as Code (IaC), or threat actor use of cloud Identity and Access Management (IAM)
Proficiency in disassembly and operating system internals.
Expert level familiarity with at least one major Operating System is required as a behavior based system requires in-depth knowledge of how the host OS appears, as opposed to how the end user sees it
Knowledge of using MITRE ATT&CK to describe threat behaviors
Proficiency in at least one programming or scripting language
The Threat Research team is supported by an engineering team, but proof of concept automation is produced by researchers. You should have experience handing off research to engineering to produce results and the ability to produce small code projects to address immediate needs.
Strong interpersonal communications skills, with the ability to demonstrate leadership and team building expertise.
#LI-Remote
#LI-RC1
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
Right to Work
Equal employment opportunity, including veterans and individuals with disabilities.
PI266058160
More jobs in Sunnyvale, California
|
Comcast |
|
Comcast |
|
Walmart
$143,000.00 - $286,000.00 per year
|
More jobs in Other
|
Loyola University Chicago
$0.00 - $100.00 per hour
|
|
Loyola University Chicago
$0.00 - $100.00 per hour
|
|
The Ohio State University
$0.00 - $100.00 per hour
|