Penetration Test Engineer

Full Time
Irvine, CA
Areas of Interest: Test and Evaluation
Virtual / Telecommute

Your dream job at CrowdStrike is waiting
Join the company now backed by Google Capital 

Good at breaking things? This job is for you! This position is responsible for developmental and operational penetration testing for our product and all our online properties.

This position requires someone with expertise in manual and automated web application penetration testing with the knowledge needed to breach security defenses. The ideal candidate will have at least four years of experience performing penetration tests using a mix of commercially available, open source and personally built tools. A solid understanding of network protocols and of server and web application weaknesses is also needed. The successful candidate will also have good communication skills and will provide a high level of security expertise to the Company while working in a complex distributed IT environment.

Essential Functions:

  • Integrate into SDLC process and perform regular penetration tests to detect flaws and aid in the correction of the design prior to deployment to production.
  • Coordinate and conduct recurring internal and external white hat penetration tests and document results for all CrowdStrike assets.
  • Develop and publish reports demonstrating regular remediation of issues raised in the course of penetration testing including trends over time.
  • Perform ad-hoc penetration tests as directed in response to security breaches and/or pending attacks.
  • Assess threats to the environment and provide input into security architectures and designs.
  • Develop, research and maintain proficiency in tools, techniques, countermeasures and trends in computer and network vulnerabilities.
  • Perform other duties as assigned.


  • Bachelor’s degree in Computer Science, Management Information Systems, or work-related discipline/field from an accredited college or university. Equivalent field experience considered.
  • 4+ years of experience preferred, with direct experience as a vulnerability engineer, technical auditor or penetration tester.
  • Hands-on security experience pen testing web applications and network services to proactively discover flaws and track them to resolution.
  • Experience using multiple languages (HTML, SQL, C++, Perl, Python, PHP or other) to manually exploit or confirm vulnerabilities and eliminate false positives from results.
  • Must have the ability to understand and use the output of vulnerability scanners like Nessus and Rapid7 Nexpose as the basis for targeted web application penetration testing, and to use tools like Metasploit to verify that vulnerabilities actually exist and are exploitable.
  • Must have the ability to understand, modify and use Proof of Concept (PoC) exploitation code created by others in C++ and C# as well as scripting languages like Python to perform extensive manual binary and scripting application and web penetration testing. 
  • Must have the ability to create Proof of Concept (PoC) exploitation code independently and explain the results to developers who can close vulnerabilities in our products. 
  • Deep understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
  • Excellent understanding of web applications, web servers, frameworks and protocols with respect to application development and deployment.
  • Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing.
  • Extensive Windows, Mac, Linux and UNIX experience including deep knowledge of associated vulnerabilities, hardening techniques and strategies.
  • Ability to communicate technical detail in succinct and fact-based business terminology, both verbally and in writing.
  • Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product.
  • Ability to use independent judgment to make sound, justifiable decisions and take action to solve problems.
  • Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner.
  • Ability to plan, organize and prioritize work independently and meet deadlines.
  • Ability to work in a collaborative, team environment.

Preferred Qualifications:

  • GIAC Certified Penetration Tester and/or GIAC Certified Ethical Hacker certifications.

CrowdStrike is an Equal Opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 
External Recruiting Agencies/Vendors: CrowdStrike does not accept unsolicited resumes from any external agency. Unsolicited resumes submitted by agencies to CrowdStrike will become the property of CrowdStrike and may be contacted and engaged with directly by CrowdStrike. CrowdStrike has not agreed to pay placement or any other fee to companies who have not been specifically retained to conduct a candidate search or for any unsolicited resume.


CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. CrowdStrike Falcon is the first true Software as a Service (SaaS) based platform for next-generation endpoint protection that detects, prevents, and responds to attacks at any stage, even malware-free intrusions. Falcon’s patented lightweight endpoint sensor can be deployed to over 100,000 endpoints in hours, providing visibility into billions of events in real time. CrowdStrike operates on a highly scalable subscription-based business model that allows customers the flexibility to use CrowdStrike-as-a-Service to multiply their security team’s effectiveness and expertise with 24/7 endpoint visibility, monitoring, and response.
Company Industry: Computer & Network Security
Company Size: 201-500