at CrowdStrike, Inc. in Springfield, Illinois, United States
Job Description
CrowdStrike, Inc.Full time
R19097
About the Role:
The CrowdStrike Next-Generation Security Information and Event Management (NG SIEM) Response team is seeking an experienced and passionate professional to analyze threat actor tactics ranging from prevalent to the most obscure, and to drive efforts to mitigate them by implementing robust coverage. The team is focused on improving detection capability and efficacy for the Falcon NG SIEM platform through tactical analysis of ongoing attacks by criminal and nation state actors impacting our customer base. If you have demonstrable proficiency in using traditional SIEM systems, Security Orchestration, Automation and Response (SOAR) tools and real-world experience dealing with advanced threat actors (nation-state, criminal, hacktivist or other), we have a role for you!
What You’ll Do:
The role requires independent work as well as the ability to work in a team environment. In this role, you will be expected to be a Subject Matter Expert (SME), to analyze large data sets and to be able to emulate threat actor tactics to write effective and efficient threat detection rules. You will be expected to mentor other team members, and to actively participate in knowledge transfers both internal and external to the team. In addition, this role will require you to take initiative to identify and solve important issues facing our customers. Ultimately, you will work alongside the leaders within the team to set the technical direction and influence decision making that would have a direct impact on the product.
What You’ll Need:
The role will be in a cutting-edge threat detection engineering team regularly facing off against sophisticated malicious techniques and cyber criminals. We would like to hear from you if:
You have a passion for stopping criminals and making this a safer cyber world
You are capable and comfortable communicating information to both technical and executive-level stakeholders
You have a deep understanding of the threat landscape and are experienced in applying that knowledge to identify trends to anticipate shifts in tactic, technique and procedures (TTPs) to implement emulations and engineer detection solutions
You are comfortable assessing cyber threat intelligence, open source intelligence or partner reporting
You have working knowledge of programming and scripting languages, in particular Python, Go, or Rust
You have experience emulating threat actor TTPs to drive detection content development
You have experience in a security operations center or similar environment tracking threat actors and responding to incidents
You are looking for a dynamic, fast-paced and challenging role in an unconventional team environment
You have experience with one or more SIEM/SOAR products (Splunk, Elastic Stack, LogRhythm, QRadar, etc.)
Bachelor’s degree in information security, computer science or more than 7 years of equivalent work experience
Demonstrated ability to convey technical concepts to audiences with varying technical prowess
Willingness to teach and mentor others on the team
Bonus Points:
Contributions to the open source community (GitHub, Stack Overflow, blogging)
P
PI242375846
CrowdStrike, Inc. is an Equal Opportunity Employer and does not discriminate against any applicants for employment based on their race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, physical or mental disability, genetic information, veteran status, uniformed service member status, or any other status protected by law.
