Software Engineer III - Linux Content Development (Remote, CAN)

About the Team:
The Content Development (CD) is a team which resides within the Endpoint Protection area of CrowdStrike – an area which is responsible for enabling detections and preventions of malicious behaviours on the Falcon Platform. The CD team is focused on strategic, forward leaning research into new Falcon Sensor capabilities to identify various tactics and techniques used by adversaries. We accomplish this by focusing on OS security/internals for all major supported platforms (Windows, Mac, and Linux) and exposing the right data to the sensor in a supportable and performant manner. Most of our projects involve months of research, planning, coordination, and implementation to be successful.  We currently support several key Falcon Sensor technologies that are leveraged by detection and response teams to increase telemetry, detections, and preventions on the platform

About the Role:
CrowdStrike Falcon Host is a two-component security product. One component is a “sensor”: a driver installed on client machines that observes system activity and recognizes malicious behavior, then provides on-box prevention capability and remote telemetry to the Falcon Host cloud. The sensor processes thousands of events per second to provide deep visibility into operations on the endpoint, and performs rich correlation and computation to identify malicious events and blocks malicious activity.

The cloud component aggregates sensor telemetry for each customer’s network, correlates malicious behavior across multiple machines, and presents our customers’ operations teams with a prioritized summary of the threats detected in their environments. This is a Linux Engineer role in the engineering team that delivers code for the Linux sensor (lightweight agent). SDE’s in the team own design and development of core features on the platform. Features will cross-cut most core OS subsystems such as file system, memory, process, and networking. Many features are also built in a way that they will have shared components across Mac and Linux. The team operates under the Agile development principles and ships frequently.

In this role you will research techniques for detecting malicious activity. Once researched you will develop them into production level solutions for deployment. This role requires a combination of deep understanding of Linux kernel and user space and a large amount of solution creativity. The role is a split of research and implementation working alongside a small group of engineers.

What You’ll Do:

• Research, design and develop software for deployment

• Own features from design to delivery

• Collaborate with multi-functional team spread across geographies

• Troubleshoot issues with the product as reported from customers responsively

• Other projects as assigned

What You’ll Need:

• Deep knowledge of Linux Internals

• Familiarity and ideally experience with the Linux kernel programming and/or eBPF technology

• Can develop high-quality code in one and ideally more of the following languages: C/C++ with the following characteristics:

  • high concurrency requirements needing strong use of multi-threading

  • high reliability requirements

  • detailed requirements on low-level operating characteristics (memory usage, efficient performance,  conformance to standards)

• Ability to collaborate and deliver enterprise software working with various teams CI, testing, release management and quality assurance teams

• Experience in reverse engineering, vulnerability research, security application software development is a plus

• Able to communicate, collaborate, and work effectively in a distributed team

#LI-NT1

#LI-Remote