About the Role:CrowdStrike's Sensor Security Platform (SSP) team is building up a dedicated Sensor Anti-Tampering engineering team to protect the Falcon sensor against adversary subversion. The Falcon sensor runs on millions of endpoints - and is a high-value target for sophisticated threat actors who seek to disable, evade, or degrade endpoint protection as a precursor to their attacks.
This role exists at the intersection of offense and defense: you will think like an adversary to protect one of the world's most widely deployed security agents. You will design and implement tamper-resistance, tamper-detection, and tamper-response capabilities that ensure the Falcon sensor remains operational and trustworthy - even when an attacker has elevated privileges on the endpoint.
The Anti-Tampering domain spans all major OS platforms: Windows, macOS, Linux. While no single engineer is expected to be expert across all platforms, you will bring deep OS and systems expertise on at least one, and develop cross-platform perspective as part of the team.
What You'll Do:- Design, implement and own sensor anti-tampering capabilities - including tamper prevention, tamper detection, and tamper response mechanisms
- Collaborate with CrowdStrike's adversary intelligence, red team, and product security groups to stay ahead of emerging anti-EDR tradecraft
- Partner with our threat analysts to understand adversary techniques targeting EDR agents (e.g. unhooking, driver manipulation, process termination, credential abuse, policy subversion) and develop mitigations against them
- Reason about and enumerate the sensor's attack surface on your platform(s) of expertise, identifying gaps in tamper-resistance coverage
- Contribute to cross-platform anti-tampering architecture - ensuring consistency of guarantees while respecting platform-specific realities
- Write code in C/C++ and in CrowdStrike's internal domain-specific languages (you will be trained in the DSL; it is event-driven, asynchronous, and used extensively in the sensor's detection and response logic)
- Write unit, functional and integration tests - including adversarial test cases that simulate tamper attempts
- Participate in security design reviews for new sensor features, advising on tamper-resistance implications
- Diagnose and respond to production escalations related to sensor tampering - including ProdSec and customer-reported issues
What You'll Need:- Deep systems programming expertise on at least one major platform (Windows, macOS, or Linux) - particularly in areas relevant to security agent protection: kernel interfaces, driver frameworks, process/memory protection, system service architecture
- Ability to reason adversarially: understand how an attacker with local admin or root privileges would attempt to disable or evade a security agent, and design defenses accordingly
- Strong C/C++ skills and comfort working in large, complex codebases
- Ability to design and implement solutions that are both security-hardened and production-safe (anti-tampering must not compromise system stability)
- Ability to reason about, describe, and communicate the security properties and assumptions of complex systems
- Experience shipping security-critical software where correctness and reliability are non-negotiable
- Ability to work effectively in a distributed, cross-timezone team with complex subject matter expertise
- Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.
Bonus Points:- Direct experience with anti-tampering, self-protection, or agent-hardening at another EDR/endpoint security company
- Experience with Windows kernel development (minifilters, callbacks, protected processes, Secure Boot/ELAM, ETW)
- Experience with macOS system extensions, endpoint security framework, or kext development
- Experience with Linux security modules, eBPF, or kernel module development
- Reverse engineering or vulnerability research background
- Red team or offensive security experience (understanding attacker tooling that targets EDR)
- Familiarity with hypervisor-level security or ESXi agent architecture
#LI-CW1
Benefits of Working at CrowdStrike:- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $140,000 - $215,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.
For detailed information about the U.S. benefits package, please click here.