Sr. Product Security Engineer, Application Security (Remote)

#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud-native platform has offered unparalleled protection against the most sophisticated cyberattacks. We work on large scale distributed systems, processing over 1 trillion events a day with a petabyte of RAM deployed in our Cassandra clusters - and this traffic is growing daily. We're looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to developing and shaping our cybersecurity platform. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.

• Join engineering teams working on applications as a security expert and advisor, influencing the design and capabilities of our products
• Create and maintain threat models to drive security decisions and minimize threat surface area
• Review application source code, looking for security defects and risk
• Attack applications throughout the Secure Development LifeCycle
• Work with developers to help them understand defects, risks, design weaknesses, etc. and implement proven solutions
• Build integrated tools and automation to make life easier for you, your team, and our engineering partners
• Assist in responding to our bug bounty program, hunt for similar issues, and improve the security of our applications

• An understanding of how software products are created and shipped in Agile/DevOps like environments
• Basic experience with threat modeling, especially using STRIDE
• Some experience in code review for apps built with Go (Golang), Python, Rust, or JavaScript (emphasis on browser-side)
• Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments (GCP, Azure, AWS)
• Experience using and/or maintaining commercially available AppSec tools like SAST, DAST, IAST, and ASPM suites
• An understanding of common software weaknesses that impact cloud and web applications (not just the OWASP Top 10) and experience in application penetration testing
• Comfort with collaborating across technical teams: asking technical questions, challenging assumptions, getting or providing context for decisions, etc.

• Self-motivated to identify security problems and engage with teams to find solutions
• Demonstrable experience developing/maintaining automation for application security tasks and defect identification
• Example(s) of having a positive working relationship with product engineers (software product development experience is a huge bonus)
• Knowledge of Docker and Kubernetes (k8s)
• Experience with WebAssembly (WASM)
• Engaged in providing security enhancements to open source projects

• Remote-first culture
• Market leader in compensation and equity awards
• Competitive vacation and flexible working arrangements
• Comprehensive and inclusive health benefits
• Physical and mental wellness programs
• Paid parental leave, including adoption
• A variety of professional development and mentorship opportunities
• Offices with stocked kitchens when you need to fuel innovation and collaboration