Senior Software Engineer – Linux/Mac Detections (Remote)

At CrowdStrike we’re on a mission – to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a future-proof manner. We’ve earned numerous honors and top rankings for our technology, organization and people – clearly confirming our industry leadership and our special culture driving it. We also offer flexible work arrangements to help our people manage their personal and professional lives in a way that works for them. So if you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to stop breaches and protect people globally, let’s talk.

About the Role

CrowdStrike is looking for a Senior Software Engineer to join our growing Engine and Content Development (ECD) team which focuses on security related endpoint development on Windows, macOS, and Linux.

The Engine and Content Development team is a central part of CrowdStrike’s mission – “We Stop Breaches.”  In ECD, we implement strategies and processes that detect suspicious or malicious behavior. Our goal is to automatically stop the bad guys where possible, and to provide useful visibility and guidance to security analysts when new previously unknown adversary activity occurs. We research attacker behavior to understand their tools and techniques, and we build capabilities to detect and prevent malicious activity. Our detection strategies are often performed directly on the endpoint, but are also executed in cloud and may utilize a hybrid strategy combining aspects of both environments.  This ability to leverage a variety of tools across the CrowdStrike stack allow us to accomplish our detection goals while balancing local resource utilization and false positives for our customers.

As a sensor engineer within the ECD team you will be focused on the analysis and development of detections for Unix based attack techniques across supported macOS and Linux versions. You’ll work collaboratively to implement these detections within the Falcon sensor which is a lightweight kernel-level module that observes system activity, recognizes malicious behavior, provides on-box prevention capability, and sends relevant security related data and telemetry to the Falcon cloud. You’ll help develop creative and resourceful ways to detect Mac/Linux specific threats while also helping develop cross platform features that cut across core OS subsystems such as analysis of file system, memory, process, and network telemetry. You’ll get exposure to both user-level and kernel-level coding practices.  You’ll collaborate with multiple teams within engineering, and will be expected to make significant contributions to the design and implementation of major development projects. We’re looking for smart people who want to be challenged and take ownership of what they build.

You will:

• Design and build detection logic and systems leveraged across teams within CrowdStrike to detect cyber attackers and stop breaches.
• Extend our existing codebase and test suites utilizing C++, Python, and other tools as appropriate.
• Brainstorm, define, and build collaboratively across multiple teams.
• Build elegant, robust, and reliable solutions for complex technical problems.
• Obsess about learning, and champion the newest technologies & tricks with others, raising the technical IQ of the team.
• Deliver and accept feedback with grace and courtesy.
• Troubleshoot issues within the product when necessary, assisting customer support.
• Leverage your understanding of engineering best practices, including topics like secure coding, testing paradigms, effective peer code reviews, logging, and resilient architecture patterns, to ensure that our code is clean.
• Be an energetic ‘self-starter’ with the ability to take ownership and be accountable for deliverables, both individually and when leading a team.

Key Qualifications:

• 5+ years of experience with EITHER one of:
  • Reverse engineering, threat detection, and malware analysis; and an interest in on-device development, or
  • Designing, building, and delivering high-quality software in C/C++ with an interest in security.
• Low-level OS knowledge of macOS and/or Linux operating system internals, components, APIs, and design.
• Team player – able to lead, mentor, communicate, collaborate, and work effectively in a globally distributed team.

Preferred Qualifications:

• Prior security experience, particularly in exploit and vulnerability analysis.
• Prior experience working with low-level code, such as OS kernel, firmware or device drivers.
• Low-level OS knowledge and experience with one of more of our supported sensor platforms including Windows, macOS, and Linux.
• Understanding of kernel-mode and multi-threaded concurrent systems development in any of our supported platforms, with an interest to grow skills in all of them.
• Prior development or testing experience with python.
• Prior experience delivering software via agile processes.

#LI-DG1

#LI-NT1

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards
• Competitive vacation policy
• Comprehensive health benefits + 401k plan 
• Paid parental leave, including adoption
• Flexible work environment
• Wellness programs
• Stocked fridges, coffee, soda, and lots of treats