Sr. Software Engineer - Linux Detections

About the Role:

CrowdStrike is looking for a Senior Software Engineer to join our growing Endpoint Protection Content Development (EPPC) team which focuses on security related endpoint development on Windows macOS and Linux.

The Endpoint Protection Content Development (EPPC) team is a central part of CrowdStrike’s mission - “We Stop Breaches.'  In EPPC we implement strategies and processes that detect and prevent suspicious or malicious behavior. Our goal is to automatically stop the bad guys where possible and to provide useful visibility and guidance to security analysts when new previously unknown adversarial activity occurs. We research attacker behavior to understand their tools and techniques and we build capabilities to detect and prevent malicious activity. Our detection strategies are often performed directly on the endpoint but are also executed in the cloud and may utilize a hybrid strategy combining aspects of both environments.  This ability to leverage a variety of tools across the CrowdStrike stack allow us to accomplish our detection goals while balancing local resource utilization and false positives for our customers.

As a software engineer within the EPPC team you will be focused on the analysis and development of detections for Linux based attack techniques across supported Linux versions.  You’ll work collaboratively to implement these detections within the Falcon sensor which is a lightweight agent that observes system activity recognizes malicious behavior provides on-box prevention capability and sends relevant security related data and telemetry to the Falcon cloud.  We're looking for smart people who want to be challenged and take ownership of what they build.

What You'll Do:

• Design and build detection logic and systems leveraged across teams within CrowdStrike to detect cyber attackers and stop breaches.

• Extend our existing codebase and test suites utilizing C++ Python and other tools as appropriate.

• Brainstorm define and build collaboratively across multiple teams.

• Build elegant robust and reliable solutions for complex technical problems in both user and kernel space.

• Be passionate about learning and champion the newest technologies & tricks with others raising the technical IQ of the team.

• Deliver and accept feedback with grace and courtesy.

• Troubleshoot issues within the product when necessary assisting customer support.

• Leverage your understanding of engineering best practices including topics like secure coding testing paradigms effective peer code reviews logging and resilient architecture patterns to ensure that our code is clean.

• Be an energetic ‘self-starter’ with the ability to take ownership and be accountable for deliverables both individually and when leading a team.

What You'll Need:

• 5+ years of experience with either:

  • Reverse engineering threat detection and malware analysis; and an interest in on-device development or

  • Designing building and delivering high-quality software in C/C++ with an interest in security.

• Low-level OS knowledge of Linux operating system internals components APIs and design.

• Team player – able to communicate collaborate and work effectively in a globally distributed team.

Preferred Qualifications:

• Prior security experience particularly in exploit and vulnerability analysis.

• Prior experience working with kernel space and multi-threaded concurrent systems development in any of our supported platforms with an interest in growing skills in all of them.

• Prior development or testing experience with python.

• Prior experience delivering software via agile processes.