Insider Investigations Analyst (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed - we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About The Role:
CrowdStrike is looking for a highly motivated, self-driven Insider Investigations Analyst to support the Insider Risk Team Program via triage and investigation of detections and take action as appropriate (e.g. live response, containment, escalation, etc). This role is within our CSIRT team and is a remote position available to qualifying applicants.

What You'll Do:

• Participate in confidential insider risk investigations
• Create and implement insider risk related detections
• Perform detailed and comprehensive investigations, reviewing data from multiple data sources to include, but not limited to, network, host, and open source
• Communicate with end users regarding potential policy violations when appropriate
• Assist in data recovery efforts through the creation of comprehensive reports on an as-needed basis
• Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs) in a clear, logical, concise manner
• Handling confidential or sensitive information with appropriate discretion
• Assist in regular and sustained alert tuning efforts to minimize false positive results
• Ensure that all investigations are properly documented and tracked in appropriate case management systems
• Support Incident Response lifecycle via triage and investigation of detections and action as appropriate (e.g. live response, containment, escalation, etc.)
• Assist in the development of detection criteria, through ASM (Attack Surface Mapping), across a broad range of technologies and log sources
• Identify security controls coverage and efficiency gaps in available data/logs and tooling
• Provide information security summaries containing security metrics as required
• Participate in incident response and manage escalations as needed
• Drive efficient process development and documentation for all aspects of the Incident Response lifecycle
• Provide after-hours support on an on-demand basis

• Experience with data classification or risk scoring methodologies
• Excellent verbal and written communication skills with a strong emphasis on attention-to-detail
• Ability to triage and manage 2-3 investigations simultaneously
• Ability to work independently and coordinate with multiple internal departments as needed
• Experience responding to security event alerts, including front-line analysis and escalation, of hacktivist, cybercrime, and APT activity
• Theoretical and practical knowledge with Mac, Linux, and Windows operating systems
• Theoretical and practical knowledge with TCP/IP networking and application layers
• Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
• Experience with access/application/system log analysis, IDS/IPS alerting and data flow, and SIEM-based workflows
• Experience with security data collection, processing, and correlation
• Capable of following technical instructions and completing technical tasks without supervision
• Desire to continually grow and expand both technical and soft skills
• Contributing thought leader within the incident response industry
• Ability to foster a positive work environment and attitude
• Scripting experience (Bash, PowerShell, etc.)
• Experience with REGEX and data stream editing binaries (SED, AWK, etc.)
• Experience with host database enumeration and analysis (SQL, SQLITE3)
• Experience with network analysis (TCPDump, TSHark/WireShark, etc.)
• Experience with basic static and dynamic host analysis (Order of Volatility, etc.)
• Experience with basic files analysis (permissions, ownership, metadata)
• Working knowledge of INIT, SYSTEMD, LAUNCHD, BIOS/UEFI Boot processes
• Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience.
• Obtained or Pursuing an undergraduate degree or direct experience in information/cyber security, information systems, or computer science

• Scripting experience highly desirable (Python, Perl, etc.)
• Experienced user of Splunk or Falcon LogScale query language
• Experience with user behavior analytics and profiling tools or methodologies
• Experience in creating and tuning detection/alert logic to provide greater fidelity and reduce false positives
• Experience in data loss prevention, data classification, and knowledge of common data loss vectors
• Previous project management experience desirable

• Remote-friendly and flexible work culture
• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe