Vulnerability Analyst - Secure configuration Assessment

About Product:

Falcon Exposure Management is the product which proactively reduces intrusion risk by providing the unified, AI-powered vulnerability prioritization and complete attack surface visibility.
Within Exposure management, Configuration Assessment allows you to assess your assets’ configuration settings against user-customizable CIS Benchmarks (a comprehensive set of prescriptive best practice standards), whether for compliance objectives or up-levelled security
Find out more about Falcon Exposure Management:
https://www.crowdstrike.com/platform/falcon-exposure-management/

About the Role:

This role will be looking for information about various kinds of security vulnerabilities, known or unknown, including zero-day vulnerabilities and enriching the CS security vulnerability detection database. The person will be required to gather the data, analyse the data, identify its criticality, and also automate tasks. He/ she will also be responsible for troubleshooting issues with current data and making enhancements.

What You'll Do:

• Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources to update existing product

• Understanding of common vulnerability classes and exploitation techniques

• Actively investigate the latest in security vulnerabilities, advisories, incidents, and provide insights (sources like, Microsoft, Oracle, etc)

• Troubleshooting security vulnerability issues/ gaps that arise

• Vulnerability data discovery and validation (Data efficacy & Accuracy)

• Develop, test and modify custom scripts for vulnerability content

• Manually/Automate analyzing new CVE information published

• Handle Customer escalations, to identify False-Positive & False-Negative

• Other projects as assigned

What You'll Need:

• 3-6 years of relevant experience

• Programming/scripting knowledge for automating day to day tasks – Python/ Perl, Golang.

• Good understanding of vulnerabilities reported by various sources and their types.

• Platform knowledge (ex: Windows system concepts like registry, files, services, etc)

• In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts

• Research mindset, has a hold on where to look for relevant information pertaining to reported vulnerabilities.

• Ability to work independently and in a team environment

• Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike

• Provide influential insights across multiple teams

Bonus Points:

• Knowledge of Configuration Assessment and Compliance domain

• Good understanding of CIS benchmarks and DISA STIGs

• Good knowledge on regulatory frameworks like PCI, SOX, FISMA, HIPAA, ISO NERC, NIST etc will be an added advantage.

• Knowledge of Vulnerability/exploit research and creating signatures for the same

• Platform knowledge of one or more of non-windows (like Linux Distros, macOS)

• Prior experience working with Nessus, Qualys, Rapid 7, Tripwire  etc

• Knowledge of NIST and OWASP is big plus

• Ability to communicate, collaborate, and work effectively in a globally distributed team

• Experience in Leading projects or Research initiatives

• Experience/Exposure with Golang is a plus

Outpacing Threats | CrowdStrike Falcon® Exposure Management

Gain full attack surface visibility, assess and prioritize exposures, and automate responses to outpace adversaries with CrowdStrike Falcon® Exposure Management.

#LI-VJ1

Benefits of Working at CrowdStrike:

• Remote-friendly and flexible work culture

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs

• Competitive vacation and holidays for recharge

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.