CR

Sr. Engineer- Product Abuse (Remote)

Job summary

United States
Engineering

Work model

Fully remote
Only United States
3 weeks ago
Job description

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed --- we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward.

About the Role

CrowdStrike's Product Abuse team sits at the intersection of threat intelligence, detection engineering, and platform security --- defending the Falcon platform against sophisticated adversaries. As a Sr. Engineer, you'll lead threat hunting operations, architect detection and prevention capabilities, and drive security enhancements across our product portfolio. You'll operate at both strategic and tactical levels alongside a close-knit team of industry-leading engineers, with direct and measurable impact on CrowdStrike's security posture at global scale.

What You'll Do

  • Lead threat hunting operations against emergent threat activity involving platform misuse --- to determine impact and drive resolution.
  • Design and implement monitoring solutions to detect anomalies and potential abuse across external-facing services, APIs, and authentication surfaces.
  • Lead technical aspects of incident response, including attack vector analysis, countermeasure implementation, and post-incident review.
  • Develop automation and purpose-built tooling to streamline detection, mitigation, and reporting workflows.
  • Instrument event-driven tooling to drive hunting efficiency and proactive prevention of evolving TTPs.
  • Conduct regular security assessments and testing simulations targeting external attack surfaces and abuse vectors.
  • Advocate for and drive product security enhancements across the Falcon platform, influencing engineering teams to build abuse resistance into the product.
  • Implement and refine logging strategies to enhance visibility into potential abuse scenarios across cloud-native infrastructure.
  • Contribute to roadmap and strategic planning for abuse prevention, balancing proactive and reactive capabilities.
  • Support follow-the-sun operational coverage as part of a globally distributed team.

What You Need

  • Motivated self-starter with 7 years of experience in a cybersecurity engineering or threat intelligence environment, with a significant focus on threat hunting, attack mitigation, and tooling.
  • Proficiency in security automation and tool development.
  • Practical experience with cloud computing platform security services --- particularly as they relate to infrastructure protection, identity and access management, and continuous monitoring.
  • Deep familiarity with abuse-relevant attack patterns including credential stuffing, account takeover, API abuse, trial fraud, and adversarial misuse of security tooling.
  • Ability to identify when external-facing services are exceeding baselines and correlate deviations with potential attack indicators.
  • Comprehensive understanding of TTPs employed by threat actors and the evolving threat landscape, including nation-state and eCrime actors.
  • Passionate about taking initiative to identify and develop enrichments and enhanced visibility.
  • Enthusiasm for collaboration across functional teams --- including Product & Engineering --- to drive platform-wide abuse resistance.

Bonus Points

  • Experience leveraging AI coding assistants and LLM-based tools as a force multiplier.
  • Experience applying data science techniques --- such as machine learning, neural networks, or streaming anomaly detection.
  • Experience with front-end UI design (HTML5, JavaScript, React).
  • Experience with SIEM platforms (e.g., LogScale).
  • Experience with identity and authentication systems (OAuth, SAML, MFA bypass).
  • Expertise in designing and implementing robust network and cloud security measures.
  • Experience operating in or supporting a follow-the-sun security operations model.
  • Strong background in OSINT, cybercrime investigations, or intelligence collection.
  • Background in trust and safety, fraud detection, or abuse engineering at a SaaS or cloud platform.
  • Familiarity with the CrowdStrike Falcon platform and its sensor, cloud, and API architecture.

Soft Skills

  • Exceptional problem-solving abilities with a methodical approach to complex, ambiguous security challenges.
  • Strong written and verbal communication skills for both technical and non-technical audiences.
  • Self-motivated with the ability to work independently and as part of a globally distributed, collaborative team.
  • Excellent time management and ability to prioritize effectively under pressure.
  • Passion for continuous learning and staying current with emerging threats, adversary tradecraft, and the abuse landscape.

Benefits of Working at CrowdStrike

  • Market leader in compensation and equity awards.
  • Comprehensive physical and mental wellness programs.
  • Competitive vacation and holidays for recharge.
  • Paid parental and adoption leaves.
  • Professional development opportunities for all employees regardless of level or role.
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities.
  • Vibrant office culture with world class amenities.
  • Great Place to Work Certified™ across the globe.

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed.

Compensation

The base salary range for this position for all U.S. candidates is $120,000 - $180,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location.

#LI-Remote #LI-CS1