Sr. Product Security Engineer, Application Security
4 weeks ago
About The Role:
Help us protect CrowdStrike and its customers from the most advanced threats by securing our applications. CrowdStrike’s Product Security team breaks the mold of traditional internal security, and focuses on active threats to CrowdStrike’s products. As an Application Security Engineer you will dig into web applications, find design and implementation flaws, help our product engineers fix defects, and play a role in shipping secure code. You’ll hunt for security defects and play a part in fixing those defects rather than just reporting them and hoping for the best. Additionally, you will be involved in cross-cutting projects to further harden internal systems and processes against active and emerging threats.
What You’ll Do:
Join engineering teams working on applications as a security expert and advisor, influencing the design and capabilities of our products
Create and maintain threat models to drive security decisions and minimize threat surface area
Review application source code, looking for security defects and risk
Attack applications throughout the Secure Development LifeCycle
Work with developers to help them understand defects, risks, design weaknesses, etc. and implement proven solutions
Build integrated tools and automation to make life easier for you, your team, and our engineering partners
Assist in responding to our bug bounty program, hunt for similar issues, and improve the security of our applications
We’re hiring this role at multiple levels, so we still want to hear from you even if you think you can’t do all of that – or if you can do more
What You’ll Need:
An understanding of how software products are created and shipped in Agile/DevOps like environments
Basic experience with threat modeling, especially using STRIDE
Some experience in code review for apps built with Go (Golang), Python, Rust, or JavaScript (emphasis on browser-side)
Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments (GCP, Azure, AWS)
Experience using and/or maintaining commercially available AppSec tools like SAST, DAST, IAST, and ASPM suites
An understanding of common software weaknesses that impact cloud and web applications (not just the OWASP Top 10) and experience in application penetration testing
Comfort with collaborating across technical teams: asking technical questions, challenging assumptions, getting or providing context for decisions, etc.
Bonus Points:
These skills are not required and/or we’re willing to teach them, but they are helpful.
Self-motivated to identify security problems and engage with teams to find solutions
Demonstrable experience developing/maintaining automation for application security tasks and defect identification
Example(s) of having a positive working relationship with product engineers (software product development experience is a huge bonus)
Knowledge of Docker and Kubernetes (k8s)
Experience with WebAssembly (WASM)
Engaged in providing security enhancements to open source projects
Education/Certifications:
Technical security certifications or academic background are a plus.
#LI-MF1
#LI-SF1
#LI-Remote
PandoLogic. Category:Technology, Keywords:Information Security Engineer, Location:AUSTIN, TX-78703-
N/A, United States CrowdStrike, Inc. Full timeAbout The Role:Help us protect CrowdStrike and its customers from the most advanced threats by securing our applications. CrowdStrike’s Product Security team breaks the mold of traditional internal security, and focuses on active threats to CrowdStrike’s products. As an Application Security Engineer you will dig into web applications, find design and...
-
Sr. Engineer
2 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:Help us protect CrowdStrike and its customers from the most advanced threats!As a Sr. Engineer in Product Security specializing in Cryptography – you will play a critical role in ensuring the security and integrity of our products and platforms. Cryptography is foundational to our customers’ trust – and you will be responsible for...
-
Sr. Product Security Engineer
4 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:Help us protect the Security Cloud from the most advanced threats! As a Sr. Security Engineer in Product Security, you will work hand-in-hand as a Security Partner to product engineers designing and implementing new services across our various Product teams to ensure security is built-in from the start. This highly dynamic, hands-on role...
-
Sr. Product Security Engineer
4 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:Help us protect the Security Cloud from the most advanced threats! As a Sr. Security Engineer in Product Security, you will work hand-in-hand as a Security Partner to product engineers designing and implementing new services across our various Product teams to ensure security is built-in from the start. This highly dynamic, hands-on role...
-
Sr. Engineer
2 days ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:Help us protect CrowdStrike and its customers from the most advanced threats! CrowdStrike’s Product Security team breaks the mold of traditional internal security and focuses on active threats to CrowdStrike’s products. As a Product Security Engineer on the Vulnerability Intelligence team, you will monitor for emerging vulnerabilities,...
-
Application Security Researcher
2 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The CrowdStrike Cloud Content team is an integral part of the Content Product Group, tasked with the critical mission of safeguarding cloud environments through innovative detection and response capabilities. This specialized team comprises cloud security experts, researchers, and engineers in various time zones working in unison to ensure our...
-
Sr. Engineer II
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout The Role:CrowdStrike is looking for a Sr. Cloud Engineer to join our growing Detections Platform team. The cloud side of the detections platform works in conjunction with on-endpoint code to detect security problems and incidents, automatically stop adversaries in their tracks, and provide actionable data to customers. We process massive amounts of...
-
Sr. Product Manager
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The Product Management team is seeking an experienced Sr. Product Manager who is technical, collaborative, and truly excited about building great endpoint products. In this role, you will bring your in-depth knowledge of the endpoint and security operations market to help guide the evolution of CrowdStrike’s visibility, detection, and...
-
Sr. Product Manager
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The Product Management team is seeking an experienced Sr. Product Manager who is technical, collaborative, and truly excited about building great endpoint products. In this role, you will bring your in-depth knowledge of the endpoint and security operations market to help guide the evolution of CrowdStrike’s visibility, detection, and...
-
Sr. Manager
2 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:NGSIEM (next-generation security information and event management) aims to revolutionize the SIEM space by providing a single solution for managing and operating on security data. A foundational pillar of the NGSIEM strategy is the content, schema and community (security analysts, content creators, partners and customers) that leverage our...
-
Sr. Manager
2 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:NGSIEM (next-generation security information and event management) aims to revolutionize the SIEM space by providing a single solution for managing and operating on security data. A foundational pillar of the NGSIEM strategy is the content, schema and community (security analysts, content creators, partners and customers) that leverage our...
-
Director, Engineering
4 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:We’re building a welcoming & flexible team that prizes collaboration over competition, one which provides opportunities to learn new skills, mentor junior and senior developers and contribute to the direction of both the team & the products we’re responsible for. This is a high trust environment where we allow team members to manage their...
-
Sr. DevOps Engineer
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:CrowdStrike is hiring a Sr. DevOps Engineer to help build and deploy automation and configuration to drive our massive scale. We are looking for a highly-technical, hands-on engineer with experience using configuration management software (Chef & Ansible) to release and manage software and container orchestration systems such as Kubernetes....
-
Senior ServiceNow Engineer
3 weeks ago
N/A, United States Northwestern Mutual Full timeAt Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference. This position is open to remote. However, if local to MKE or NYC, it will require some onsite presence each week (3 days in MKE or 2 days in NYC). At Northwestern Mutual, we believe...
-
Sr. Product Manager, SOAR
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The Product Management team is seeking an experienced Senior Product Manager who is technical, collaborative, and truly excited about building SOAR capabilities into the Falcon platform as a part of CrowdStrike’s NG-SIEM solution. In this role, you will bring your in-depth knowledge of the XDR, endpoint, SIEM, and SOAR markets to help guide...
-
Sr. Product Manager, SOAR
3 weeks ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The Product Management team is seeking an experienced Senior Product Manager who is technical, collaborative, and truly excited about building SOAR capabilities into the Falcon platform as a part of CrowdStrike’s NG-SIEM solution. In this role, you will bring your in-depth knowledge of the XDR, endpoint, SIEM, and SOAR markets to help guide...
-
Senior Security Researcher
6 days ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The CrowdStrike Next-Generation Security Information and Event Management (NGSIEM) Content Threat Research team is seeking an experienced and passionate security researcher to analyze threat actor tactics ranging from prevalent to the most obscure, and to drive efforts to mitigate them by implementing robust coverage. The team is focused on...
-
Sr. Security Researcher
7 days ago
N/A, United States CrowdStrike, Inc. Full timeAbout the Role:The CrowdStrike Next-Generation Security Information and Event Management (NGSIEM) Content Threat Research team is seeking an experienced and passionate security researcher to analyze threat actor tactics ranging from prevalent to the most obscure, and to drive efforts to mitigate them by implementing robust coverage. The team is focused on...
-
Sr. Applications Analyst
3 weeks ago
n/a, United States Houston Methodist Full timeAt Houston Methodist, the Senior Application Analyst position is responsible for expert level support and configuration of assigned applications. The position entails assisting, training and supporting customers and junior analysts with the operation and administration of systems. The Sr. Application Analyst trains and mentors more junior analysts. The Sr....
-
Sr Applications Analyst
4 weeks ago
n/a, United States Houston Methodist Full timeAt Houston Methodist, the Senior Application Analyst position is responsible for expert level support and configuration of assigned applications. The position entails assisting, training and supporting customers and junior analysts with the operation and administration of systems. The Sr. Application Analyst trains and mentors more junior analysts. The Sr....
