Be an early applicantLess than 25 applicants

Company

CrowdStrike · 16 hours ago

Sr. Engineer, Application Security - Product Security (Remote)

Austin, TX

Full-time

Remote

Senior Level

Maximize your interview chances

Artificial Intelligence (AI)Cloud Data Services

Growth Opportunities

H1B Sponsor Likely

Insider Connection @CrowdStrike

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Join engineering teams working on applications as a security expert and advisor, influencing the design and capabilities of our products

Create, maintain, and mature threat models to drive security architecture review and eliminate threat surface area

Review application source code, looking for security defects and risk

Attack applications throughout the Secure Development LifeCycle

Work with developers to help them understand defects, risks, design weaknesses, etc. and implement proven solutions

Build integrated tools and automation to make life easier for you, your team, and our engineering partners

Drive response efforts to our bug bounty program, hunt for similar issues across the platform, and improve the security of our applications

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Application SecurityThreat ModelingCode ReviewAgile/DevOpsGo (Golang)PythonRustJavaScriptCloud SecuritySAST ToolsDAST ToolsIAST ToolsASPM ToolsApplication Penetration TestingAutomation DevelopmentDockerKubernetes (k8s)WebAssembly (WASM)Mentoring

Required

Self-motivated to identify security defects and engage with engineering teams to find solutions

A deep understanding of how software products are created and shipped in Agile/DevOps like environments

Experience with threat model framework(s), especially using STRIDE

Proven experience in code review for apps built with Go (Golang), Python, Rust, or JavaScript (emphasis on browser-side)

A working knowledge of secure configuration of cloud-native and containerized apps in multiple Cloud environments (GCP, Azure, AWS)

Experience using and/or maintaining commercially available AppSec tools like SAST, DAST, IAST, and ASPM suites

A solid understanding of common software weaknesses that impact cloud and web applications (not just the OWASP Top 10) and demonstrable experience in application penetration testing

Examples of collaborating across technical teams: asking technical questions, challenging assumptions, getting or providing context for decisions, etc.

Demonstrable experience developing/maintaining automation for application security tasks and defect identification

Preferred

Experience working at extremely large scale

Comfortable with ambiguity and capable of determining direction

Example(s) of having a positive working relationship with product engineers (software product development experience is a huge bonus)

Deep knowledge of Docker and Kubernetes (k8s)

Experience with WebAssembly (WASM)

Engaged in providing security enhancements to open source projects

Experience in mentoring, coaching, and/or improving team culture

Technical security certifications or academic background are a plus

Company

CrowdStrike

Glassdoor

4.2

CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data.

Founded in 2011

Sunnyvale, California, USA

5001-10000 employees

http://www.crowdstrike.com

H1B Sponsorship

CrowdStrike has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2023 (49)

2022 (84)

2021 (64)

2020 (32)