Sr. Threat Detection Engineer - XDR/NGSIEM (Remote)

Posted:
8/19/2024, 5:00:00 PM

Location(s):
Tel-Aviv, Tel-Aviv District, Israel ⋅ Bucharest, Romania ⋅ Tel-Aviv District, Israel

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Remote

​​#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud-native platform has offered unparalleled protection against the most sophisticated cyberattacks. We’re looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.

About the Role:

The CrowdStrike Next-Generation Security Information and Event Management (NG SIEM)  Response team is seeking an experienced and passionate professional to analyze threat actor tactics ranging from prevalent to the most obscure, and to drive efforts to mitigate them by implementing robust coverage.

The team is focused on improving detection capability and efficacy for the Falcon NG SIEM platform through tactical analysis of ongoing attacks by criminal and nation state actors impacting our customer base.

If you have demonstrable proficiency in using traditional SIEM systems, Security Orchestration, Automation and Response (SOAR) tools and real-world experience dealing with advanced threat actors (nation-state, criminal, hacktivist or other), we have a role for you!

What You'll Do:

The role requires independent work as well as the ability to work in a team environment. In this role, you will be expected to be a Subject Matter Expert (SME), to analyze large data sets and to be able to emulate threat actor tactics to write effective and efficient threat detection rules.

You will be expected to mentor other team members, and to actively participate in knowledge transfers both internal and external to the team.

In addition, this role will require you to take initiative to identify and solve important issues facing our customers. Ultimately, you will work alongside the leaders within the team to set the technical direction and influence decision making that would have a direct impact on the product.

The role will be in a cutting-edge threat detection engineering team regularly facing off against sophisticated malicious techniques and cyber criminals.

What You'll Need:

  • You have a passion for stopping criminals and making this a safer cyber world

  • You are capable and comfortable communicating information to both technical and executive-level stakeholders

  • You have a deep understanding of the threat landscape and are experienced in applying that knowledge to identify trends to anticipate shifts in tactic, technique and procedures  (TTPs) to implement emulations and engineer detection solutions

  • You are comfortable assessing cyber threat intelligence, open source intelligence or partner reporting

  • You have working knowledge of programming and scripting languages, in particular Python, Go, or Rust

  • You have experience emulating threat actor TTPs to drive detection content development

  • You have experience in a security operations center or similar environment tracking threat actors and responding to incidents

  • You are looking for a dynamic, fast-paced and challenging role in an unconventional team environment

  • You have experience with one or more SIEM/SOAR products (Splunk, Elastic Stack, LogRhythm, QRadar, etc.)


Bonus Points:

  • Contributions to the open source community (GitHub, Stack Overflow, blogging)

  • Published research papers at conferences or through other mediums (blogs, articles)

Requirements:

  • Bachelor’s degree in information security, computer science or more than 7 years of equivalent work experience

  • Demonstrated ability to convey technical concepts to audiences with varying technical prowess

  • Willingness to teach and mentor others on the team

#LI-AR1

#LI-Remote

#LI-BP1

Benefits of Working at CrowdStrike:

  • Remote-first culture

  • Market leader in compensation and equity awards with option to participate in ESPP in eligible countries

  • Competitive vacation and flexible working arrangements

  • Physical and mental wellness programs 

  • Paid parental leave, including adoption 

  • A variety of professional development and mentorship opportunities

  • Access to CrowdStrike University, LinkedIn Learning and Jhanna

  • Offices with stocked kitchens when you need to fuel innovation and collaboration

  • Birthday time-off in your local country

  • Work with people who are passionate in our mission and Great Place to Work certified across the globe

CrowdStrike is proud to be an equal opportunity and affirmative action employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning and collective action. By embracing the diversity of our people, we achieve our best work and fuel innovation - generating the best possible outcomes for our customers and the communities they serve.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at [email protected] for further assistance.

CrowdStrike

Website: https://www.crowdstrike.com/

Headquarter Location: Sunnyvale, California, United States

Employee Count: 5001-10000

Year Founded: 2011

IPO Status: Public

Last Funding Type: Post-IPO Equity

Industries: Artificial Intelligence (AI) ⋅ Cloud Data Services ⋅ Cloud Security ⋅ Cyber Security ⋅ Network Security