Threat Analyst

Full Time
Irvine, CA
Areas of Interest: Exploitation Analysis, Threat Analysis, Vulnerability Assessment and Management
report a problem

Your dream job at CrowdStrike is waiting
Join the company now backed by Google Capital 

CrowdStrike is a computer security company that was founded on the principle that effective computer security cannot be achieved without understanding the goals, tactics, and techniques used by determined attackers who can be expected to purposefully and repeatedly pursue their objectives to the detriment of our customers.

The Product

CrowdStrike Falcon Host is a two-component security product. One component is a “sensor”, which is a driver installed on client machines that observes system activity and recognizes malicious behavior, then provides on-box prevention capability and remote telemetry to the Falcon Host cloud. The cloud component aggregates sensor telemetry for each customer’s network, can correlate malicious behavior across multiple machines, and presents our customers’ operations teams with a prioritized summary of the threats detected in their environments.  Expertise will define what is appropriate, but some tools and development skills will be required.


Job Description

The first part of stopping a breach is to identify the threats. CrowdStrike’s Falcon product line is designed to provide visibility to the behaviors of a variety of threats. Built on that visibility, the system is trained to correlate behaviors to detect and prevent threats. Step one is to investigate those threats and identify the best method to identify them in the wild.

As part of working with external test labs, emerging threats are tested against Falcon. Most of those threats are detected and prevented. With this stream of data though, it is necessary to understand the threats and ensure we are identifying them correctly, as well as understanding the threats that are not properly detected or prevented. The threats can range from simple malware samples to complex workflows involving new attack vectors, or a combination.

This position is first responsible for taking the data from third parties that we work with and analyzing how the product behaves. The goal is to improve the product for customer’s benefits, and ensure public validation properly represents the capabilities of the product.


  • 1-2 years of Malware or Threat research as a primary or secondary job function. This may include binary reverse engineering of malware, or breach based system level threat research.
  • Solid systems level understanding of Windows Operating System internals and how they are abused and subverted by malware and malicious actors.
  • You must bring a curiosity for how things work and a willingness to learn. As the threat landscape evolves, it can be difficult to keep up with the depth of technical knowledge required to fully understand some exploits and attacks.
  • The ability to follow issues to their conclusion in a constrained amount of time. External tests happen on a schedule and the time to investigate and respond is limited. Good time management and focus is required to be successful. This includes self-driven priorities and the ability to properly push back on lower priorities.

CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

External Recruiting Agencies/Vendors: CrowdStrike does not accept unsolicited resumes from any external agency. Unsolicited resumes submitted by agencies to CrowdStrike will become the property of CrowdStrike and may be contacted and engaged with directly by CrowdStrike. CrowdStrike has not agreed to pay placement or any other fee to companies who have not been specifically retained to conduct a candidate search or for any unsolicited resume.

Share this job:


CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and pre- and post incident response services. CrowdStrike Falcon is the first true Software as a Service (SaaS) based platform for next-generation endpoint protection that detects, prevents, and responds to attacks, at any stage - even malware-free intrusions. Falcon’s patented lightweight endpoint sensor can be deployed to over 100,000 endpoints in hours providing visibility into billions of events in real-time. CrowdStrike operates on a highly scalable subscription-based business model that allows customers the flexibility to use CrowdStrike-as-a-Service to multiply their security team’s effectiveness and expertise with 24/7 endpoint visibility, monitoring, and response.
Visit CrowdStrike's Social Media pages:
Company Industry: Computer & Network Security
Company Size: 201-500