CrowdStrike is looking for a Penetration Test Engineer II to conduct developmental and operational security testing for our products and online properties. Join a mission-driven company focused on innovation and customer commitment.

What You'll Do

Perform comprehensive penetration testing assessments across the organization.
Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.
Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.
Examine systems and applications to assess the current security posture.
Manage penetration testing related tickets to ensure issues are remediated within proper timelines.
Advocate for security best practices across the organization.

What We're Looking For

At least two years of experience performing penetration tests using a mix of commercially available, open source, and personally built tools.
Advanced knowledge of server and client operating systems.
Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.
Ability to prioritize impactful findings and drive these items to remediation.
Experience working with Mac, Windows, Linux and/or other Unix-like variants.
Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.
A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.
Possess the ability to work independently.
Proactive go-getter attitude to solve challenging problems.
Stays up to date with current vulnerabilities and vulnerability related news in various industries.
Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH).
The ability to work remotely with teammates across the organization and maintain healthy working relationships.

Nice to Have

Familiarity with the OWASP Top 10 list.
Experience working with cloud technologies (AWS, GCP, Azure, Kubernetes or Docker), infrastructure as code tools (e.g., Terraform, Ansible), and/or container technologies.
Familiarity with common threat actor tools, techniques, and procedures (TTPs), attack kill chains, and security control evasion.
Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.
Ability to utilize and write scripts against common web APIs (REST, SOAP).
Knowledge of cloud platforms and highly concurrent systems.
Knowledge of build pipelines and CI tools.
You’re a clear thinker and efficient communicator (i.e. written and verbal).
Ability to create elegant looking slide decks.
Technical security certifications or academic background are a plus.
CVEs or bug bounty rewards.
Documented CTF write-ups or victories.
Hacker or professional group affiliations.

Technical Stack

Languages/Scripting: GoLang, Python, Ruby, Perl, BASH
Cloud: AWS, GCP, Azure
Infrastructure: Kubernetes, Docker, Terraform, Ansible

Benefits & Compensation

Salary: $80,000 - $130,000 per year + variable/incentive compensation + equity.
Remote-friendly and flexible work culture.
Market leader in compensation and equity awards.
Comprehensive physical and mental wellness programs.
Competitive vacation and holidays for recharge.
Paid parental and adoption leaves.
Professional development opportunities for all employees regardless of level or role.
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections.
Vibrant office culture with world class amenities.

Work Mode

This is a fully remote position open to candidates based in the U.S.

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed.