Engineer III - Vulnerability Analyst
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
Falcon Spotlight is the industry’s first scanless endpoint vulnerability assessment solution, delivering real-time, zero-impact assessments of endpoint security posture. Falcon Spotlight adds preparation and readiness to the unparalleled prevention, detection and response provided by the Falcon platform, resulting in a stronger security posture and unprecedented breach protection.
This role will be looking for information about various kinds of security vulnerabilities, known or unknown, including zero day vulnerabilities and enriching the CS vulnerability data. The person will be required to analyse the data, identify its criticality, also automate simple tasks. He/ she will also be responsible for troubleshooting issues with current data and making enhancements. Knowledge and understanding of Cyber security, related risks and mitigation technologies is required.
- Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources to update existing product
- Troubleshooting vulnerability issues/ gaps that arise
- Vulnerability data discovery and validation
- Develop, test and modify custom scripts and applications for vulnerability
- Manually validate report findings to reduce false positives
- Compile and track vulnerabilities over time for metrics purposes
- Collaborate with multi-functional team in various physical locations
- Other projects as assigned
- Experience level 2-6 years.
- Programming/scripting knowledge for automating day to day tasks – Python preferable but any other programming/scripting language will do – Perl, Ruby.
- Exposure to database (querying ability) will be a plus – SQL or any NoSQL database.
- Thorough understanding of vulnerabilities reported by various sources and their types.
- Understanding of impact of vulnerabilities and scoring system knowledge eg CVSSv2 and v3.
- Research mindset, has a hold on where to look for relevant information pertaining to reported vulnerabilities.
- Ability to communicate, collaborate, and work effectively in a distributed team
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industry’s best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.