About the Role:
The Cloud Content team is a major contributor to Falcon Cloud Security Platform, tasked with the critical mission of safeguarding cloud environments through innovative detection and response capabilities. This specialized team comprises cloud security experts, researchers, and detection engineers in various time zones working in unison to ensure our customers’ cloud workloads are secure against the ever-changing threats in the security landscape.
This role provides a unique opportunity to join a team with strategic importance to protecting our customers from emerging threats and novel attack methodologies in both cloud and Linux-based environments. You will stay ahead of the curve with regard to the threat landscape, and your research will directly impact the direction of the team and our product.
If you have a strong passion for security and technology, have an interest in supporting engineering projects, and want to gain real-world experience in dealing with advanced threat actors targeting cloud environments, we have a role for you!
Your contributions will enable continuous improvement of CrowdStrike’s cloud detection capabilities, ensuring that our customers can be secured with the most advanced security measures in place.
What You'll Do:
Threat Intelligence & Detection Strategy:
Stay abreast of the latest threat landscape and cloud security trends, continuously updating detection strategies to address emerging threats and vulnerabilities across Linux, container, Kubernetes, and virtualization platforms
Conduct proactive threat hunting exercises leveraging customer intrusion data to identify security gaps and emerging attack patterns within cloud-native and traditional infrastructure
Analyze real-world security incidents to reverse-engineer adversary techniques and translate threat intelligence into actionable detection coverage
Rapid Incident Response:
Execute rapid responses to critical security incidents, deploying detection coverage at global scale
Respond quickly to extensive exploitation campaigns following vulnerability disclosures, developing and validating detections for emerging CVEs and attack vectors
Collaborate with research, incident response and threat intelligence teams to identify detection opportunities from active security events
Detection Engineering & Development:
Develop, implement, and optimize detection logic tailored to cloud runtime environments
Conduct efficacy analysis and false positive reduction through continuous monitoring, testing, and tuning
Leverage automation and AI-powered tools to scale detection development and gap analysis processes
Platform Expansion & Innovation:
Drive detection engineering initiatives for emerging platforms including Kubernetes audit logs, ESXi/vSphere environments, and network-based detection capabilities
Research and implement novel detection approaches for container escapes, process injection, in-memory execution, and other advanced evasion techniques
Develop automation and tooling to improve detection quality, testing efficiency, and deployment velocity
Collaborate with engineering teams on sensor enhancements, parser improvements, and platform feature development to expand detection visibility
Thought Leadership & Community Engagement:
Track and present threat detection findings, including recommended strategies and product improvements to internal stakeholders and leadership
Write and publish technical blog posts showcasing detection engineering methodologies, threat research, and innovative approaches to cloud security
Represent CrowdStrike at industry conferences, delivering presentations on detection engineering, threat campaigns, and cloud security trends
What You'll Need:
Required Technical Skills:
Deep understanding of Linux-based systems, including process execution, file systems, networking, and kernel internals
Demonstrated experience in container/container orchestrator intrusion analysis, detection development, or malware analysis
Proficiency with programming and scripting languages, particularly Python and Bash, for automation and tooling development
Experience with large-scale data analysis using SIEM or data analytics platforms
Knowledge of detection engineering methodologies including behavioral analysis, static/dynamic indicators, and pattern matching
Desired Experience:
Hands-on experience with Kubernetes, Docker, ESXi/vSphere, or other cloud-native and virtualization platforms
Familiarity with the MITRE ATT&CK framework and the ability to map adversary techniques to detection logic
Experience analyzing CVEs, proof-of-concept exploits, and developing detection coverage for vulnerability exploitation
Background in threat hunting, incident response, or security operations
Understanding of web application security, including webshell detection, SQL injection, and remote code execution
Threat Intelligence & Research:
Comfortable assessing and operationalizing cyber threat intelligence, open source intelligence (OSINT), and partner threat reporting
Keen interest in the security research field, including following subject matter expert blogs, participating in CTFs, and building static/dynamic analysis environments
Ability to reverse-engineer malware samples, attack scripts, and exploitation techniques to inform detection strategies
Experience with threat actor tradecraft and campaign analysis
Soft Skills & Attributes:
Capable and comfortable communicating complex technical information to both technical and non-technical stakeholders
Strong presentation skills for internal knowledge sharing and external conference speaking
Excellent problem-solving abilities with a data-driven approach to decision making
Collaborative mindset with proven ability to work effectively across distributed teams
Deep drive to "stop the bad guys" and protect customers from real-world threats
Self-motivated with the ability to manage multiple priorities and adapt to a rapidly changing threat landscape
Strong written communication skills for documentation, blog posts, and technical analysis
Bonus points:
You have an understanding of cloud-based infrastructure and cloud service models (IaaS, PaaS, SaaS)
You have extensive experience in securing services operating on public cloud services (Azure, AWS, Google Cloud)
You have a good understanding of managed Kubernetes services (AKS, EKS, GKE)
Contributions to the open source community (GitHub, Stack Overflow, blogging)
Published research papers at conferences or through other mediums (blogs, articles)