Engineer II, Threat Detection - Windows (Hybrid)
CrowdStrike · Redmond, WA · 4 days ago
Engineering$100k–$145k/yrFull-time
About the role
The CrowdStrike Endpoint Protection (EPP) Content Response team is seeking an experienced and passionate professional to analyze intrusions, threat campaigns, and malware — and to drive efforts to mitigate them by implementing robust behavioral detection coverage on the Falcon sensor platform.
The Content Response Team improves detection capability and efficiency through tactical analysis of ongoing attacks by criminal and nation-state actors impacting our customers, translating observed attacker behavior into high-fidelity endpoint detections deployed at global scale.
This role is hybrid, requiring 2-3 days per week on-site at one of the posted locations.
Responsibilities
- Analyze emerging threats, campaigns, intrusion data, and malware execution telemetry to identify detectable behaviors and coverage gaps
- Author and optimize behavioral detection rules (Indicators of Attack) targeting adversary techniques observed on Windows endpoints
- Query and analyze endpoint telemetry (process execution, file system, registry, memory, authentication events) to validate detection hypotheses and assess coverage
- Manage detections through a structured lifecycle: development, validation, staged deployment, and production monitoring
- Collaborate with threat intelligence and incident response teams to prioritize detection development based on active threat campaigns
Requirements
- Must be eligible for CJIS clearance (requires U.S. citizenship or Green Card/permanent resident status).
- Bachelor's degree in information security, computer science, or related field — or 4+ years of equivalent hands-on experience in detection engineering, threat analysis, or endpoint security
- Experience with endpoint detection platforms, EDR tooling, or detection-driven security workflows
- Proficiency in Windows OS internals and APIs (process creation, registry, file system, memory management, authentication subsystems)
- Experience with behavioral malware analysis, sandboxing, telemetry collection, and detectable behaviors from execution logs or Windows forensics
- Working knowledge of regular expressions and pattern-based detection authoring
- Ability to read and understand various programming languages and PowerShell; scripting proficiency in Python for automation and analysis
- Solid working knowledge of common adversary TTPs and the ability to translate threat intelligence into detection logic
- Passion for detection engineering, threat analysis, or security research, with the motivation to keep learning and growing
- Energetic self-starter mentality with the ability to take ownership and be accountable for deliverables
- Clear written and verbal communication skills to drive triage, convey detection rationale, and align cross-functionally with both technical and executive-level stakeholders
- Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.
Qualifications
- Experience writing behavioral detection rules or signatures for an endpoint security product (IOA/IOC logic, behavioral engines, or equivalent)
- Experience with regex optimization or pattern matching in performance-sensitive contexts
- Familiarity with detection precision concepts: true/false positive analysis, disposition workflows, and tuning at scale
- Experience with detection content lifecycle management (development → testing → staged deployment → monitoring)
- Understanding of behavioral detection paradigms: process tree analysis, parent-child relationships, API call sequences, and living-off-the-land technique identification
- Familiarity with MITRE ATT&CK adversary tactics and techniques
- Experience in a security operations center or similar environment tracking threat actors and responding to incidents
- Experience building test environments, lab infrastructure, or automation to improve detection development workflows
- Working knowledge of agentic AI CLIs and skills for detection engineering workflows
- Contributions to the open-source community (GitHub, Stack Overflow, blogging) or published research (conferences, blogs, articles)