CSPM Detection Engineer - Israel

About the Role:

The Falcon Cloud Security (FCS) Detection Engineering team enables CrowdStrikes primary mission of Stopping the Breach through a shiftleft approach that focuses on helping customers of cloud computing manage their risk posture. We do this by writing and maintaining detection rules that assess cloud assets to identify risks and opportunities for improvement. We start by using research to define best practices for cloud security which we translate into detection rules we author and deploy as code into the FCS product ecosystem. In addition to posture management the Detection Engineering team researches threats to cloud services & assets and writes detection rules to identify abuses and attacks.

This role combines a blend of skill sets including security operations & incident response data analytics risk management software development and threat research. If you enjoy researching cloud security issues and developing detection content as code all in a fastpaced environment with broad collaboration across a diverse team this role is for you.

What Youll Do:

As a member of the Falcon Cloud Security Detection Engineering team you will be responsible for performing research into cloud threats vulnerabilities and abuses to determine configuration best practices that can be used to secure cloud services and assets. You will also be responsible for developing and deploying detection rules as code into the FCS product ecosystem along with writing descriptions that customers will use to understand and action alerts generated by these rules.

While this role is being sourced in the EMEA global region the core of the FCS Detection Engineering team is USbased. This role will honor a working day within local standard business hours for each team member but will also require regular participation in team meetings and live collaboration with USbased staff. Candidates should expect a variable working window that may shift from starting at 9:00am to 10:00am and end at 6:00pm to 7:00pm.

• Translating use case descriptions into requirements for new code

• Configuring cloud assets to match the use case

• Writing code that searches collected data for attributes matching our use case

• Bundle the code into a productized template with additional descriptive data

• Deploy and test the new code in the product pipeline

• Deploy and validate the new code in production

• Perform ongoing maintenance / support for our new code

This is mostly software development although closer to what we call content development in the security world but done in a SaaS ecosystem.

This is also all done within the context of cloud security but specifically of cloud governance risk management and compliance (GRC).

What Youll Need:

• Professional experience in cloud securityrelated operations and engineering roles specifically related to threat detection incident response and risk management.

• Experience with data analytics including searching large data sets correlating attributes interpreting results extracting insights and forming datadriven conclusions.

• Experience with searching data with analytics tools including Elastic Search Splunk or a SIEM.

• A working practical knowledge of at least one of the following Cloud Service Providers: AWS Azure GCP OCI.

• A practical understanding of industry security standards and control frameworks such as NIST CISA CIS HIPAA HISTRUST PCI and others.

• Experience developing deploying and maintaining code in formalized software development/CICD workflows including the use of BitBucket to manage code deployments.

• Familiarity with the Agile methodology for project management.

• Experience in a DevOps or similar role that required use of Python and GO.

• Ability to author and run Elastic Search queries and interpret results from large data sets.

• Proficient in the English language with strong written and verbal communication skills.

• A passion for quality and experience optimizing results.

Bonus Points:

• Experience writing detection rules with the Open Policy Agent query language Rego.

• Having served in a role focused on Detection Engineering; writing detection rules used by other teams.

• Formalized training or certification in cloud computing including administration development engineering or architecture.

The work:

We develop and insert new code into a SaaS platform by updating configuration files read by custombuilt services in a data analytic and presentation ecosystem. The code we deploy into the SaaS platform is designed to read cloud asset configurations compare them to configuration standards and generate a finding if the asset configuration fails one of our checks.

We receive content use cases in the form of loosely described requirements or a configuration scenario or best practice. We then create cloud assets and configure them to match the described scenario. Then we capture the data that is generated in our SaaS pipeline from our cloud assets and we use it to author a content rule that checks other cloud assets for that same configuration state. We deploy these into the product ecosystem through CI/CD processes as templates with additional meta data that describes the scenario to customers of the platform.

#LIMZ1