Security Engineer - Vulnerability Detection (Hybrid)

Vulnerability Detection Engineer

CrowdStrike is looking for a Vulnerability Detection Engineer for our Exposure Management group. This is an individual contributor role in the Exposure Management Content team responsible for researching, developing and delivering our host and network vulnerability assessment detections for CrowdStrike as also collaborating on the development of new features and technical solutions.

This role is hybrid, requiring 2-3 days per week on-site at our Sunnyvale, CA office.

This person would work closely with other internal teams and product management to understand the requirements and needs on vulnerability detection capabilities for the product. They will be technically involved in the capabilities for exposure management to detect, track, report and prioritize vulnerabilities on assets.

Strong communication and organizational skills are essential.

The successful candidate should have had experience within exposure management, vulnerability analysis and detection and be able to develop detection pipelines for vulnerabilities and other threats. Work experience in the security industry is highly desirable, including a strong understanding of some of the current prevalent products in this space.

What You'll Do:

• Collaborate and lead a team of vulnerability detection engineers and researchers to plan, coordinate and execute vulnerability detection coverage for exposure management supported platforms
• Participate and lead company thought leadership efforts and guidance for analysis on prevalent vulnerabilities and risk based vulnerability management
• Vulnerability data discovery and validation (data efficacy & accuracy)
• Collaborate with multi-functional teams across various physical locations including product management and other engineering disciplines
• Lead and manage other projects as assigned
• AI-enhanced vulnerability detection research: leverage generative AI tools to accelerate vulnerability analysis, proof-of-concept development, and detection rule creation while maintaining human oversight for validation and detection accuracy
• Intelligent vulnerability assessment pipeline: design and implement AI agent workflows to automate multi-step vulnerability validation processes (e.g., discovery, analysis, prioritization, remediation guidance) while ensuring human-in-the-loop verification for critical vulnerability detections and false positive reduction

What You'll Need:

• Minimum 5 years of overall experience as an individual contributor. Experience in management and leadership roles is a plus.
• Ability and desire to be hands on as well as empowering peers while collaborating across different functional areas and products
• Ability to develop, coordinate and execute on an engineering roadmap
• Ability to communicate and articulate crisply at all levels from executive staff to engineers
• Ability to communicate, collaborate, and work effectively in a distributed team
• Familiarity and experience with the agile process
• Experience in cybersecurity industry
• Programming/scripting knowledge for automating day to day tasks – Python/ Perl, Golang.

Required Skills:

• Understanding of vulnerabilities, mitigations and remediations
• Understanding of vulnerability and software detection techniques
• Understanding of vulnerability prioritization models
• Experience with security/vulnerability detections development and release
• Experience of vulnerability management product development
• Experience designing and implementing validation workflows for security based products
• Experience working in remote & distributed environments
• Solid design and problem-solving skills with a demonstrated passion for engineering excellence, pragmatism, quality, security, and performance
• Experience with Go and/or Python automation
• Experience with AI/ML models is a plus