Penetration Test Engineer (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed - we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

• Perform comprehensive penetration testing assessments across the organization.
• Manage the entire lifecycle of penetration testing findings from discovery, triage, advising, remediation, and validation.
• Work with various different business units to perform penetration testing assessments on systems or applications before go live rollouts.
• Examine systems and applications to assess the current security posture.
• Manage penetration testing related tickets to ensure issues are remediated within proper timelines.
• Advocate for security best practices across the organization.

• Advanced knowledge of server and client operating systems.
• Extensive computer skills and an understanding of networking, cryptography, web applications, databases, and wireless technologies.
• Ability to prioritize impactful findings and drive these items to remediation.
• Experience working with Mac, Windows, Linux and/or other Unix-like variants.
• Extensive understanding of TCP, UDP, HTTP, IP and other network protocols.
• A detailed understanding of how to triage vulnerabilities using CVSS calculators and the ability to validate security related findings.
• Possess the ability to work independently.
• Proactive go-getter attitude to solve challenging problems.
• Stays up to date with current vulnerabilities and vulnerability related news in various industries.
• Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, Perl, BASH).
• The ability to work remotely with teammates across the organization and maintain healthy working relationships.

• Familiarity with the OWASP Top 10 list
• Experience working with cloud technologies (AWS, GCP, Azure, Kubernetes or docker), infrastructure as code tools (e.g., Terraform, Ansible), and/or container technologies
• Familiarity with common threat actor tools, techniques, and procedures (TTPs), attack kill chains, and security control evasion.
• Experience executing effective email phishing campaigns with custom domains, website hosting, payload delivery, credential harvesting, and additional components in this area.
• Ability to utilize and write scripts against common web APIs (REST, SOAP).
• Knowledge of cloud platforms and highly concurrent systems.
• Knowledge of build pipelines and CI tools.
• You're a clear thinker and efficient communicator (i.e. written and verbal).
• Ability to create elegant looking slide decks.
• Technical security certifications or academic background are a plus.
• CVEs or bug bounty rewards.
• Documented CTF write-ups or victories.
• Hacker or professional group affiliations.

• Remote-friendly and flexible work culture
• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe