Remote (Global)

CrowdStrike is hiring a Red Team Technical Operations Engineer (Remote)

Responsibilities

  • Build and maintain product testing systems that generate data for a decision support system.
  • Actively use systems to provide bespoke tactical intelligence to operators on engagements.
  • Respond to regular product updates to ensure capabilities are functional and resilient.
  • Development tasks that are both malware-oriented and platform-oriented.
  • Programming for Windows, Linux, and macOS platforms (user- and kernel-mode).
  • Programming related to event streaming, telemetry post-processing, and build engineering.
  • Provide development and infrastructure support to improve overall offensive capabilities.
  • Review analytics data from sensors to guide the development of offensive tradecraft.
  • Develop initial access and post-exploitation capabilities (some evasive, some noisy).
  • Contribute to capabilities to enhance operator decision making.
  • Proactively identify opportunities to improve workflows and processes.
  • Document completed development projects for operational use.
  • Share responsibilities on administration and infrastructure.

Requirements

  • Reverse engineering skills and mindset in both vulnerability research and malware analysis.
  • Forward engineering skills in languages such as C++, C#, and Python.
  • Systems programming background in at least Windows + aptitude to learn Linux and macOS.
  • Demonstrable understanding of EDR internals and other telemetry-based technologies.
  • Demonstrable familiarity with using the OODA loop concept to subvert complex systems.
  • Prior experience in goal-oriented red team operations and penetration testing phases.
  • Prior experience in UX/UI elements of projects to improve workflows and adoption.
  • Strong problem solving and critical thinking skills.
  • Excellent oral and written communications skills in English.
  • 3+ years of relevant engineering experience (some skills will be learned on the job).
  • Ability to recognize and demonstrate that stealth is relative.
  • Ability to factor human cognition when developing technical bypasses (e.g. reflexive control, IPB).
  • Ability to maintain discretion related to sensitive work (both internally and externally).
  • Ability to be receptive to peer review and conform to project-specific conventions.
  • Ability to explain topics you are familiar with at different abstraction levels.
  • Ability to manage development projects from conception to ongoing maintenance.
  • Ability to handle high pressure situations in a productive and professional manner.
  • Ability to simultaneously consider multiple (sometimes opposing) perspectives.
  • Ability to apply best practices (but flexible to bend conventions when appropriate).
  • Ability to form conclusions driven by data and evidence, in addition to intuition.
  • Interest in knowing something about everything, and everything about something.

Nice to Have

  • Security community participation (conference speaker or tool contributor).
  • Experience with developing custom C2 frameworks or offensive security tooling.
  • Prior experience with event streaming, web development, and data analysis.
  • Familiarity with the following: Kafka, FastAPI, Neo4j, LogScale, Docker, Jenkins.
  • Interest in modeling decision-making processes used for selecting TTPs.
  • Interest in understanding adversary emulation beyond the execution of cyber TTPs.
  • Interest in understanding the dual-use nature of arbitrary technologies.
  • Interest in developing solutions with a systems thinking approach.
  • Interest in integrating knowledge from various non-cybersecurity domains.
  • Interdisciplinary educational background (outside of cybersecurity).
  • Passion to understand and develop solutions requiring skills (from ASM to ML).

Team

Structure: non-billable R&D team

About the company
CrowdStrike
A global leader in cybersecurity that protects the people, processes and technologies that drive modern organizations. The company provides the world’s most advanced AI-native security platform to stop breaches.