Insider Investigations Analyst (Remote) jobs in United States

CrowdStrike · 5 hours ago

Insider Investigations Analyst (Remote)

CrowdStrike is a global leader in cybersecurity dedicated to stopping breaches with their advanced AI-native platform. The Insider Investigations Analyst will support the Insider Risk Team by conducting investigations, creating detections, and managing incident responses while ensuring proper documentation and communication with stakeholders.

Artificial Intelligence (AI), Cloud Data Services, Cloud Security, Cyber Security, Network Security
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Participate in confidential insider risk investigations
Create and implement insider risk related detections
Perform detailed and comprehensive investigations, reviewing data from multiple sources including, but not limited to, network, host, and open source
Communicate with end users regarding potential policy violations when appropriate
Assist in data recovery efforts through the creation of comprehensive reports on an as-needed basis
Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs) in a clear, logical, concise manner
Handle confidential or sensitive information with appropriate discretion
Assist in regular and sustained alert tuning efforts to minimize false positive results
Ensure that all investigations are properly documented and tracked in appropriate case management systems
Support Incident Response lifecycle via triage and investigation of detections and action as appropriate (e.g. live response, containment, escalation, etc.)
Assist in the development of detection criteria, through ASM (Attack Surface Mapping), across a broad range of technologies and log sources
Identify security controls coverage and efficiency gaps in available data/logs and tooling
Provide information security summaries containing security metrics as required
Participate in incident response and manage escalations as needed
Drive efficient process development and documentation for all aspects of the Incident Response lifecycle
Provide after-hours support on an on-demand basis

Qualification

Insider risk investigations, security event alert response, data classification methodologies, operating systems knowledge, scripting experience, TCP/IP networking, log analysis, security data collection, incident response lifecycle, positive work environment, communication skills, attention to detail, project management experience

Required

Experience with data classification or risk scoring methodologies
Excellent verbal and written communication skills with a strong emphasis on attention-to-detail
Ability to triage and manage 2-3 investigations simultaneously
Ability to work independently and coordinate with multiple internal departments as needed
Experience responding to security event alerts for hacktivist, cybercrime, and APT activity, including front-line analysis and escalation
Theoretical and practical knowledge with Mac, Linux, and Windows operating systems
Theoretical and practical knowledge with TCP/IP networking and application layers
Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
Experience with access/application/system log analysis, IDS/IPS alerting and data flow, and SIEM-based workflows
Experience with security data collection, processing, and correlation
Capable of following technical instructions and completing technical tasks without supervision
Desire to continually grow and expand both technical and soft skills
Contributing thought leader within the incident response industry
Ability to foster a positive work environment and attitude
Scripting experience (Bash, PowerShell, etc.)
Experience with regular expressions and stream-editing tools (sed, awk, etc.)
Experience with host database enumeration and analysis (SQL, SQLite3)
Experience with network analysis (tcpdump, tshark/Wireshark, etc.)
Experience with basic static and dynamic host analysis (order of volatility, etc.)
Experience with basic file analysis (permissions, ownership, metadata)
Working knowledge of init, systemd, launchd, and BIOS/UEFI boot processes
Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience
Completed or pursuing an undergraduate degree, or direct experience, in information/cyber security, information systems, or computer science

Preferred

Scripting experience highly desirable (Python, Perl, etc.)
Experienced user of Splunk or Falcon LogScale query language
Experience with user behavior analytics and profiling tools or methodologies
Experience in creating and tuning detection/alert logic to provide greater fidelity and reduce false positives
Experience in data loss prevention, data classification, and knowledge of common data loss vectors
Previous project management experience desirable
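The responsibilities above ask for creating insider-risk detections and tuning them to cut false positives, and the preferred skills add user behavior profiling and knowledge of data loss vectors. The following is an added illustration of what that work looks like in code; it is example code written for this page, not CrowdStrike's or the Falcon platform's. The log format (date, user, destination, bytes), the constructed sample lines, and the thresholds are all assumptions. It baselines each user's daily volume to a destination such as removable media or cloud storage, flags days far above that baseline, and shows how an absolute byte floor is the tuning knob that stops a near-zero baseline from firing on trivial activity.

```python
"""Baseline-and-threshold detection for bulk data movement.

Example code added to this page, not CrowdStrike's.  The log format,
sample data and thresholds are assumptions for illustration only.
"""
from collections import defaultdict
from datetime import date
import statistics

# Constructed sample log lines; assumed format: "date user destination bytes".
# alice has a steady ~100 KB/day to USB and one 4.8 MB spike; bob sends almost
# nothing to cloud storage and then 3 KB, which should NOT be an alert.
SAMPLE_LOG = """\
2024-03-01 alice usb 120000
2024-03-02 alice usb 95000
2024-03-03 alice usb 110000
2024-03-04 alice usb 105000
2024-03-05 alice usb 4800000
2024-03-01 bob cloud 0
2024-03-02 bob cloud 0
2024-03-03 bob cloud 0
2024-03-04 bob cloud 0
2024-03-05 bob cloud 3000
"""


def parse_log(text):
    """Aggregate bytes per (user, destination) per day: {(user, dest): {date: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        day, user, dest, nbytes = line.split()
        totals[(user, dest)][date.fromisoformat(day)] += int(nbytes)
    return totals


def detect(totals, ratio=3.0, min_bytes=1_000_000):
    """Flag (user, dest, day) where the day's volume exceeds `ratio` times the
    user's median on the other observed days AND an absolute floor `min_bytes`.

    The floor is the false-positive tuning knob: without it, bob's 3000 bytes
    against a 0-byte baseline satisfies the ratio test and fires.
    """
    alerts = []
    for (user, dest), days in totals.items():
        for day, nbytes in sorted(days.items()):
            others = [v for d, v in days.items() if d != day]
            if not others:
                continue  # no baseline to compare against yet
            baseline = statistics.median(others)
            if nbytes >= min_bytes and nbytes > ratio * max(baseline, 1):
                alerts.append({
                    "user": user,
                    "dest": dest,
                    "day": day.isoformat(),
                    "bytes": nbytes,
                    "baseline": baseline,
                })
    return alerts


def run(text=SAMPLE_LOG, **thresholds):
    """Parse the log and return the list of alerts under the given thresholds."""
    return detect(parse_log(text), **thresholds)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running `run()` with the defaults produces a single alert for alice on 2024-03-05; running `run(min_bytes=0)` adds a second alert for bob, which is the kind of noise the tuning step in the responsibilities list exists to remove. In practice the baseline window, ratio and floor would be set per destination class (USB, personal cloud, email attachments) from observed data rather than hard-coded.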

Benefits

Remote-friendly and flexible work culture
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe

Company

CrowdStrike

CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data.

H1B Sponsorship

CrowdStrike has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (116)
2024 (62)
2023 (91)
2022 (60)
2021 (49)
2020 (22)

Funding

Current Stage
Public Company
Total Funding
$1.24B
Key Investors
ARK Investment Management, Accel, CapitalG
2022-12-01 Post-IPO Equity · $4.6M
2021-01-12 Post-IPO Debt · $750M
2019-06-12 IPO

Leadership Team

George Kurtz, President / CEO & Founder
Zeki Turedi, CTO for Europe, Middle East & Africa
Company data provided by crunchbase