Engineer II, Threat Detection - Windows (Hybrid)

CrowdStrike Holdings, Inc.$100K — $145K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Eligibility for CJIS clearance (U.S. citizenship or Green Card required)
  • Bachelor's degree in information security, computer science, or related field, or 4+ years of relevant experience
  • Experience with endpoint detection platforms and detection-driven security workflows
  • Proficiency in Windows OS internals and APIs
  • Experience in behavioral malware analysis and telemetry collection
  • Working knowledge of regex and pattern-based detection authoring
  • Proficiency in Python for automation and analysis
  • Solid understanding of adversary TTPs and ability to derive detection logic from threat intelligence
  • Strong communication skills for cross-functional alignment.

Responsibilities

  • Analyze emerging threats and campaigns to identify detectable behaviors
  • Author and optimize behavioral detection rules for Windows endpoints
  • Query and analyze endpoint telemetry to validate detection hypotheses
  • Monitor detection precision metrics and tune detections for optimal performance
  • Manage detection lifecycle from development to production monitoring
  • Collaborate with threat intelligence and incident response teams on active threats

Benefits

  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees
  • Employee Networks and volunteer opportunities
  • Vibrant office culture with world-class amenities
  • Recognized as a Great Place to Work Certified™ globally.
Full Job Description

About the Role:

The CrowdStrike Endpoint Protection (EPP) Content Response team is seeking an experienced and passionate professional to analyze intrusions, threat campaigns, and malware — and to drive efforts to mitigate them by implementing robust behavioral detection coverage on the Falcon sensor platform. The Content Response Team improves detection capability and efficiency through tactical analysis of ongoing attacks by criminal and nation-state actors impacting our customers, translating observed attacker behavior into high-fidelity endpoint detections deployed at global scale.

The role requires independent work as well as the ability to collaborate across threat intelligence, engineering, and operational teams. You will be expected to take initiative identifying and solving detection gaps that directly protect our customers. You will be part of a cutting-edge threat detection team regularly facing off against sophisticated techniques and well-resourced adversaries.

This role is hybrid, requiring 2-3 days per week on-site at one of the posted locations.

What You'll Do:

  • Analyze emerging threats, campaigns, intrusion data, and malware execution telemetry to identify detectable behaviors and coverage gaps

  • Author and optimize behavioral detection rules (Indicators of Attack) targeting adversary techniques observed on Windows endpoints

  • Query and analyze endpoint telemetry (process execution, file system, registry, memory, authentication events) to validate detection hypotheses and assess coverage

  • Monitor detection precision metrics, investigate false positives, and tune detections to maintain high signal-to-noise ratios

  • Manage detections through a structured lifecycle: development, validation, staged deployment, and production monitoring

  • Collaborate with threat intelligence and incident response teams to prioritize detection development based on active threat campaigns

What You’ll Need:

  • Must be eligible for CJIS clearance (requires U.S. citizenship or Green Card/permanent resident status).

  • Bachelor's degree in information security, computer science, or related field — or 4+ years of equivalent hands-on experience in detection engineering, threat analysis, or endpoint security

  • Experience with endpoint detection platforms, EDR tooling, or detection-driven security workflows

  • Proficiency in Windows OS internals and APIs (process creation, registry, file system, memory management, authentication subsystems)

  • Experience with behavioral malware analysis, sandboxing, telemetry collection, and detectable behaviors from execution logs or Windows forensics

  • Working knowledge of regular expressions and pattern-based detection authoring

  • Ability to read and understand various programming languages and PowerShell; scripting proficiency in Python for automation and analysis

  • Experience analyzing endpoint telemetry or host-based log data to identify malicious patterns

  • Solid working knowledge of common adversary TTPs and the ability to translate threat intelligence into detection logic

  • Ability to assess cyber threat intelligence, open-source intelligence, or partner reporting for actionable detection opportunities

  • Passion for detection engineering, threat analysis, or security research, with the motivation to keep learning and growing

  • Comfortable using AI-assisted tooling as a daily force multiplier, not just a novelty

  • Energetic self-starter mentality with the ability to take ownership and be accountable for deliverables

  • Clear written and verbal communication skills to drive triage, convey detection rationale, and align cross-functionally with both technical and executive-level stakeholders

  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.

Bonus Points:

  • Experience writing behavioral detection rules or signatures for an endpoint security product (IOA/IOC logic, behavioral engines, or equivalent)

  • Experience with regex optimization or pattern matching in performance-sensitive contexts

  • Familiarity with detection precision concepts: true/false positive analysis, disposition workflows, and tuning at scale

  • Experience with detection content lifecycle management (development → testing → staged deployment → monitoring)

  • Understanding of behavioral detection paradigms: process tree analysis, parent-child relationships, API call sequences, and living-off-the-land technique identification

  • Familiarity with MITRE ATT&CK adversary tactics and techniques

  • Experience in a security operations center or similar environment tracking threat actors and responding to incidents

  • Experience building test environments, lab infrastructure, or automation to improve detection development workflows

  • Working knowledge of agentic AI CLIs and skills for detection engineering workflows

  • Contributions to the open-source community (GitHub, Stack Overflow, blogging) or published research (conferences, blogs, articles)

#LI-DR1

This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.

Benefits of Working at CrowdStrike:

  • Market leader in compensation and equity awards

  • Comprehensive physical and mental wellness programs 

  • Competitive vacation and holidays for recharge  

  • Paid parental and adoption leaves

  • Professional development opportunities for all employees regardless of level or role

  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Great Place to Work Certified™ across the globe

About CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc. Careers

Joining CrowdStrike Holdings, Inc. presents an unparalleled opportunity to advance a career in the tech industry with a company at the forefront of digital security. As a leader in cybersecurity solutions, CrowdStrike Holdings, Inc. offers a range of job opportunities that cater to a variety of skills and experiences, from entry-level positions to senior leadership roles.

Explore Job Opportunities

CrowdStrike Holdings, Inc. is continuously seeking talented individuals who are passionate about protecting organizations against cyber threats. With a commitment to innovation and excellence, the company is hiring professionals who are eager to contribute to a team that values hard work and creative solutions.

Innovation and Professional Growth

At CrowdStrike Holdings, Inc., employees are encouraged to push the boundaries of technology and leadership. The company supports professional growth through robust training programs, including leadership development and diversity training, ensuring that every team member has the resources to thrive in their career.

Culture and Benefits

The culture at CrowdStrike Holdings, Inc. is dynamic and inclusive, fostering a workplace where diversity is celebrated and every voice is heard. Employees enjoy comprehensive benefits that support both their professional and personal lives, enhancing job satisfaction and team morale.

Internship Programs

For those starting their career, CrowdStrike Holdings, Inc. offers internship programs that provide a rich learning environment. Interns gain hands-on experience, working alongside seasoned professionals and participating in projects that deliver real-world solutions.

Networking and Career Advancement

CrowdStrike Holdings, Inc. emphasizes the importance of networking within the industry, offering numerous opportunities for employees to connect with thought leaders and innovators. These connections can lead to career advancement and a deeper understanding of the cybersecurity landscape.

Applying for a Position

To apply for a position at CrowdStrike Holdings, Inc., candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess not only professional qualifications but also a candidate's fit within the company culture and team.

Stay Connected with CrowdStrike Careers

Interested candidates can stay informed about new openings and company news by subscribing to job alert emails. This personalized service ensures that potential applicants are the first to know about new opportunities that match their career interests and skills.

Join the Team

CrowdStrike Holdings, Inc. is looking for curious, creative, and solution-driven team players. Explore the employment opportunities on the CrowdStrike Holdings, Inc. careers page to find a position that matches your skills and passions.

SEARCH CROWDSTRIKE JOBS

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the professionals who work at CrowdStrike Holdings, Inc.

READ CAREERS BLOG

Job Alert Emails

Customize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities waiting at CrowdStrike Holdings, Inc.
Learn more about CrowdStrike Holdings, Inc.

Similar Jobs

More Jobs at CrowdStrike Holdings, Inc.

More Information Technology Jobs

Find similar Engineer II, Threat Detection - Windows (Hybrid) jobs: