Penetration Test Engineer

Information Security Remote, United States


About CrowdStrike

At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a future-proof manner. We’ve earned numerous honors and top rankings for our technology, organization and people – clearly confirming our industry leadership and our special culture driving it. We also offer flexible work arrangements to help our people manage their personal and professional lives in a way that works for them. So if you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to stop breaches and protect people globally, let’s talk.

About the Role

Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.

This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols, server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the company while working in a complex distributed IT environment.

Essential Duties and Responsibilities

  • Perform comprehensive penetration testing assessments across the organization.
  • Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.
  • Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.
  • Examine systems and applications to assess the current security posture.
  • Manage penetration testing related tickets to ensure issues are remediated within proper timelines.
  • Advocate for security best practices across the organization.

What You'll Need

Required

  • Advanced knowledge of server and client operating systems.
  • Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.
  • Ability to prioritize impactful findings and drive these items to remediation.
  • Experience working with Mac, Windows, Linux and/or other Unix-like variants.
  • Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.
  • A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.
  • Possess the ability to work independently.
  • Proactive go getter attitude to solve challenging problems.
  • Stays up to date with current vulnerabilities and vulnerability related news in various industries.
  • Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH)
  • The ability to work with teammates across the organization and maintain healthy working relationships.

Preferred

  • Experience working with bug bounty programs.
  • Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.
  • Ability to utilize and write scripts against common web APIs (REST, SOAP).
  • Knowledge of cloud platforms and highly concurrent systems.
  • Knowledge of build pipelines and CI tools.
  • You’re a clear thinker and efficient communicator (i.e. written and verbal).
  • Ability to create elegant looking PowerPoints or Slide Decks.

Education/Certifications/Experience

  • Technical security certifications or academic background a plus.
  • CVEs or bug bounty rewards
  • Documented CTF writeups or victories
  • Hacker or professional group affiliations

Benefits of Working at CrowdStrike:

  • Market leader in compensation and equity awards
  • Competitive vacation policy
  • Comprehensive health benefits + 401k plan 
  • Paid paternity and maternity leave, including adoption
  • Flexible work environment
  • Wellness programs
  • Stocked fridges, coffee, soda, and lots of treats

We are committed to building an inclusive culture of belonging that not only embraces the diversity of our people but also reflects the diversity of the communities in which we work and the customers we serve. We know that the happiest and highest performing teams include people with diverse perspectives and ways of solving problems so we strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work. 

CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 

 #LI-NT1