Sr. Software Engineer - Linux Detections

About the Role:

CrowdStrike is looking for a Senior Software Engineer to join our growing Endpoint Protection Content Development (EPPC) team which focuses on security related endpoint development on Windows, macOS, and Linux.

The Endpoint Protection Content Development (EPPC) team is a central part of CrowdStrike’s mission - “We Stop Breaches.'  In EPPC, we implement strategies and processes that detect and prevent suspicious or malicious behavior. Our goal is to automatically stop the bad guys where possible, and to provide useful visibility and guidance to security analysts when new previously unknown adversarial activity occurs. We research attacker behavior to understand their tools and techniques, and we build capabilities to detect and prevent malicious activity. Our detection strategies are often performed directly on the endpoint, but are also executed in the cloud and may utilize a hybrid strategy combining aspects of both environments.  This ability to leverage a variety of tools across the CrowdStrike stack allow us to accomplish our detection goals while balancing local resource utilization and false positives for our customers.

As a software engineer within the EPPC team you will be focused on the analysis and development of detections for Linux based attack techniques across supported Linux versions.  You’ll work collaboratively to implement these detections within the Falcon sensor which is a lightweight agent that observes system activity, recognizes malicious behavior, provides on-box prevention capability, and sends relevant security related data and telemetry to the Falcon cloud.  We're looking for smart people who want to be challenged and take ownership of what they build.

What You'll Do:

• Design and build detection logic and systems leveraged across teams within CrowdStrike to detect cyber attackers and stop breaches.

• Extend our existing codebase and test suites utilizing C++, Python, and other tools as appropriate.

• Brainstorm, define, and build collaboratively across multiple teams.

• Build elegant, robust, and reliable solutions for complex technical problems in both user and kernel space.

• Be passionate about learning, and champion the newest technologies & tricks with others, raising the technical IQ of the team.

• Deliver and accept feedback with grace and courtesy.

• Troubleshoot issues within the product when necessary, assisting customer support.

• Leverage your understanding of engineering best practices, including topics like secure coding, testing paradigms, effective peer code reviews, logging, and resilient architecture patterns, to ensure that our code is clean.

• Be an energetic ‘self-starter’ with the ability to take ownership and be accountable for deliverables, both individually and when leading a team.

What You'll Need:

• 5+ years of experience with either:

  • Reverse engineering, threat detection, and malware analysis; and an interest in on-device development, or

  • Designing, building, and delivering high-quality software in C/C++ with an interest in security.

• Low-level OS knowledge of Linux operating system internals, components, APIs, and design.

• Team player – able to communicate, collaborate, and work effectively in a globally distributed team.

Preferred Qualifications:

• Prior security experience, particularly in exploit and vulnerability analysis.

• Prior experience working with kernel space and multi-threaded concurrent systems development in any of our supported platforms, with an interest in growing skills in all of them.

• Prior development or testing experience with python.

• Prior experience delivering software via agile processes.