Penetration Test Engineer (Remote) @ Crowdstrike

CrowdStrike CrowdStrike is a global cybersecurity leader with an advanced cloud-native platform for protecting endpoints, cloud workloads, identities and data. View company page#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud -native platform has offered unparalleled protection against the most sophisticated cyberattacks. We're looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.About the Role:Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols, server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the company while working in a complex distributed environment.As stated by George Kurtz, co-founder and CEO of CrowdStrike, "Since our founding, CrowdStrike has pioneered the use of AI in cybersecurity." The ideal candidate will have an interest in both using and assessing AI driven applications, though demonstrated experience is not a requirement.What You'll Do:Perform comprehensive penetration testing assessments across the organization.Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.Examine systems and applications to assess the current security posture.Manage penetration testing related tickets to ensure issues are remediated within proper timelines.Advocate for security best practices across the organization.What You'll Need:Advanced knowledge of server and client operating systems.Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.Ability to prioritize impactful findings and drive these items to remediation.Experience working with Mac, Windows, Linux and/or other Unix-like variants.Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.Possess the ability to work independently.Proactive go getter attitude to solve challenging problems.Stays up to date with current vulnerabilities and vulnerability related news in various industries.Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH)The ability to work remotely with teammates across the organization and maintain healthy working relationships.Bonus Points:Interest in all things AI and willingness to grow into a Subject Matter Expert (SME) in evaluating AI applications for vulnerabilities or using AI/ML to enhance pentest processesFamiliarity with the OWASP Top 10 for Large Language Model ApplicationsExperience working with cloud technologies(AWS, GCP, Azure, Kubernetes or docker),infrastructure as code tools(terraform) and/or container technologiesExperience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.Ability to utilize and write scripts against common web APIs (REST, SOAP).Knowledge of cloud platforms and highly concurrent systems.Knowledge of build pipelines and CI tools.You're a clear thinker and efficient communicator (i.e. written and verbal).Ability to create elegant looking PowerPoints or Slide Decks.Education/Certifications/Experience:Technical security certifications or academic background are a plus.CVEs or bug bounty rewardsDocumented CTF writeups or victoriesHacker or professional group affiliationsMarket leader in compensation and equity awardsCompetitive vacation and flexible working arrangementsComprehensive and inclusive health benefitsPhysical and mental wellness programsPaid parental leave, including adoptionA variety of professional development and mentorship opportunitiesOffices with stocked kitchens when you need to fuel innovation and collaborationWe are committed to fostering a culture of belonging where everyone feels seen, heard, valued for who they are and empowered to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning and collective action. By embracing the diversity of our people, we achieve our best work and fuel innovation - generating the best possible outcomes for our customers and the communities they serve.CrowdStrike is committed to maintaining an environment of Equal Opportunity and Affirmative Action. If you need reasonable accommodation to access the information provided on this website, please contact ****** , for further assistance.CrowdStrike participates in the E-Verify program.#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud -native platform has offered unparalleled protection against the most sophisticated cyberattacks. We're looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.About the Role:Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least two years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols, server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the company while working in a complex distributed environment.As stated by George Kurtz, co-founder and CEO of CrowdStrike, "Since our founding, CrowdStrike has pioneered the use of AI in cybersecurity." The ideal candidate will have an interest in both using and assessing AI driven applications, though demonstrated experience is not a requirement.What You'll Do:Perform comprehensive penetration testing assessments across the organization.Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.Examine systems and applications to assess the current security posture.Manage penetration testing related tickets to ensure issues are remediated within proper timelines.Advocate for security best practices across the organization.What You'll Need:Advanced knowledge of server and client operating systems.Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.Ability to prioritize impactful findings and drive these items to remediation.Experience working with Mac, Windows, Linux and/or other Unix-like variants.Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.Possess the ability to work independently.Proactive go getter attitude to solve challenging problems.Stays up to date with current vulnerabilities and vulnerability related news in various industries.Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH)The ability to work remotely with teammates across the organization and maintain healthy working relationships.Bonus Points:Interest in all things AI and willingness to grow into a Subject Matter Expert (SME) in evaluating AI applications for vulnerabilities or using AI/ML to enhance pentest processesFamiliarity with the OWASP Top 10 for Large Language Model ApplicationsExperience working with cloud technologies(AWS, GCP, Azure, Kubernetes or docker),infrastructure as code tools(terraform) and/or container technologiesExperience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.Ability to utilize and write scripts against common web APIs (REST, SOAP).Knowledge of cloud platforms and highly concurrent systems.Knowledge of build pipelines and CI tools.You're a clear thinker and efficient communicator (i.e. written and verbal).Ability to create elegant looking PowerPoints or Slide Decks.Education/Certifications/Experience:Technical security certifications or academic background are a plus.CVEs or bug bounty rewardsDocumented CTF writeups or victoriesHacker or professional group affiliations#LI-Remote#LI-RC1Benefits of Working at CrowdStrike:Remote-first cultureMarket leader in compensation and equity awardsCompetitive vacation and flexible working arrangementsComprehensive and inclusive health benefitsPhysical and mental wellness programsPaid parental leave, including adoptionA variety of professional development and mentorship opportunitiesOffices with stocked kitchens when you need to fuel innovation and collaborationWe are committed to fostering a culture of belonging where everyone feels seen, heard, valued for who they are and empowered to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning and collective action. By embracing the diversity of our people, we achieve our best work and fuel innovation - generating the best possible outcomes for our customers and the communities they serve.CrowdStrike is committed to maintaining an environment of Equal Opportunity and Affirmative Action. If you need reasonable accommodation to access the information provided on this website, please contact ****** , for further assistance.CrowdStrike participates in the E-Verify program.Notice of E-Verify ParticipationRight to WorkCrowdStrike, Inc. is committed to fair and equitable compensation practices. The base salary range for this position in the U.S. is $85,000 - $135,000 per year + variable/incentive compensation + equity + benefits. A candidate's salary is determined by various factors including, but not limited to, relevant work experience, skills, certifications and location.Expected Close Date of Job Posting is:08-13-2024Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.#J-18808-Ljbffr