As a global leader in cybersecurity, CrowdStrike protects the people, processes, and technologies that drive modern organizations. Since 2011, our mission hasn't changed: we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. We work on large-scale distributed systems processing almost 3 trillion events per day, and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe, and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation, and a fanatical commitment to our customers, our community, and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
The Cloud Content team is a major contributor to the Falcon Cloud Security Platform, tasked with the critical mission of safeguarding cloud environments through innovative detection and response capabilities. This specialized team comprises cloud security experts, researchers, and detection engineers in various time zones, working in unison to ensure our customers' cloud workloads are secure against the ever-changing threats in the security landscape.
This role provides a unique opportunity to join a team of strategic importance in protecting our customers from emerging threats and novel attack methodologies in both cloud and Linux-based environments. You will stay ahead of the curve with regard to the threat landscape, and your research will directly impact the direction of the team and our product.
If you have a strong passion for security and technology, have an interest in supporting engineering projects, and want to gain real-world experience in dealing with advanced threat actors targeting cloud environments, we have a role for you!
Your contributions will enable continuous improvement of CrowdStrike's cloud detection capabilities, ensuring that our customers can be secured with the most advanced security measures in place.
What You'll Do:
Threat Intelligence & Detection Strategy:
Stay abreast of the latest threat landscape and cloud security trends, continuously updating detection strategies to address emerging threats and vulnerabilities across Linux, container, Kubernetes, and virtualization platforms
Conduct proactive threat hunting exercises, leveraging customer intrusion data to identify security gaps and emerging attack patterns within cloud-native and traditional infrastructure
Analyze real-world security incidents to reverse-engineer adversary techniques, and translate threat intelligence into actionable detection coverage
Rapid Incident Response:
Execute rapid responses to critical security incidents, deploying detection coverage at global scale
Respond quickly to extensive exploitation campaigns following vulnerability disclosures, developing and validating detections for emerging CVEs and attack vectors
Collaborate with research, incident response, and threat intelligence teams to identify detection opportunities from active security events
Detection Engineering & Development:
Develop, implement, and optimize detection logic tailored to cloud runtime environments
Conduct efficacy analysis and false positive reduction through continuous monitoring, testing, and tuning
Leverage automation and AI-powered tools to scale detection development and gap analysis processes
Platform Expansion & Innovation:
Drive detection engineering initiatives for emerging platforms, including Kubernetes audit logs, ESXi/vSphere environments, and network-based detection capabilities
Research and implement novel detection approaches for container escapes, process injection, in-memory execution, and other advanced evasion techniques
Develop automation and tooling to improve detection quality, testing efficiency, and deployment velocity
Collaborate with engineering teams on sensor enhancements, parser improvements, and platform feature development to expand detection visibility
Thought Leadership & Community Engagement:
Track and present threat detection findings, including recommended strategies and product improvements, to internal stakeholders and leadership
Write and publish technical blog posts showcasing detection engineering methodologies, threat research, and innovative approaches to cloud security
Represent CrowdStrike at industry conferences, delivering presentations on detection engineering, threat campaigns, and cloud security trends
What You'll Need:
Required Technical Skills:
Deep understanding of Linux-based systems, including process execution, file systems, networking, and kernel internals
Demonstrated experience in container/container orchestrator intrusion analysis, detection development, or malware analysis
Proficiency with programming and scripting languages, particularly Python and Bash, for automation and tooling development
Experience with large-scale data analysis using SIEM or data analytics platforms
Knowledge of detection engineering methodologies, including behavioral analysis, static/dynamic indicators, and pattern matching
Desired Experience:
Hands-on experience with Kubernetes, Docker, ESXi/vSphere, or other cloud-native and virtualization platforms
Familiarity with the MITRE ATT&CK framework and ability to map adversary techniques to detection logic
Experience analyzing CVEs and proof-of-concept exploits and developing detection coverage for vulnerability exploitation
Background in threat hunting, incident response, or security operations
Understanding of web application security, including webshell detection, SQL injection, and remote code execution
Threat Intelligence & Research:
Comfortable assessing and operationalizing cyber threat intelligence, open source intelligence (OSINT), and partner threat reporting
Keen interest in the security research field, including following subject matter expert blogs, participating in CTFs, and building static/dynamic analysis environments
Ability to reverse-engineer malware samples, attack scripts, and exploitation techniques to inform detection strategies
Experience with threat actor tradecraft and campaign analysis
Soft Skills & Attributes:
Capable of and comfortable communicating complex technical information to both technical and non-technical stakeholders
Strong presentation skills for internal knowledge sharing and external conference speaking
Excellent problem-solving abilities with a data-driven approach to decision making
Collaborative mindset with proven ability to work effectively across distributed teams
Deep drive to stop the bad guys and protect customers from real-world threats
Self-motivated, with the ability to manage multiple priorities and adapt to a rapidly changing threat landscape
Strong written communication skills for documentation, blog posts, and technical analysis
Bonus points:
You have an understanding of cloud-based infrastructure and cloud service models (IaaS, PaaS, SaaS)
You have extensive experience in securing services operating on public cloud services (Azure, AWS, Google Cloud)
You have a good understanding of managed Kubernetes services (AKS, EKS, GKE)
Contributions to the open source community (GitHub, Stack Overflow, blogging)
Published research papers at conferences or through other mediums (blogs, articles)
Benefits of Working at CrowdStrike:
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world-class amenities
Great Place to Work Certified across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions, including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations, and social/recreational programs, on valid job requirements.
If you need assistance accessing or reviewing the information on this website, or need help submitting an application for employment or requesting an accommodation, please contact us at for further assistance.
Required Experience:
IC
CrowdStrike is a global cybersecurity leader with an advanced cloud-native platform for protecting endpoints, cloud workloads, identities and data.