CrowdStrike

Insider Investigations Analyst

CrowdStrike

full-time

Posted on:

Location Type: Remote

Location: Remote • Texas • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $100,000 - $155,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AssemblyCyber SecurityLinuxOpen SourceSQLTCP/IP

About the role

  • Participate in confidential insider risk investigations
  • Create and implement insider risk related detections
  • Perform detailed and comprehensive investigations, reviewing data from multiple data sources to include, but not limited to, network, host, and open source
  • Communicate with end users regarding potential policy violations when appropriate
  • Assist in data recovery efforts through the creation of comprehensive reports on an as-needed basis
  • Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs) in a clear, logical, concise manner
  • Handling confidential or sensitive information with appropriate discretion
  • Assist in regular and sustained alert tuning efforts to minimize false positive results
  • Ensure that all investigations are properly documented and tracked in appropriate case management systems
  • Support Incident Response lifecycle via triage and investigation of detections and action as appropriate (e.g. live response, containment, escalation, etc.)
  • Assist in the development of detection criteria, through ASM (Attack Surface Mapping), across a broad range of technologies and log sources
  • Identify security controls coverage and efficiency gaps in available data/logs and tooling
  • Provide information security summaries containing security metrics as required
  • Participate in incident response and manage escalations as needed
  • Drive efficient process development and documentation for all aspects of the Incident Response lifecycle
  • Provide after-hours support on an on-demand basis

Requirements

  • Experience with data classification or risk scoring methodologies
  • Excellent verbal and written communication skills with a strong emphasis on attention-to-detail
  • Ability to triage and manage 2-3 investigations simultaneously
  • Ability to work independently and coordinate with multiple internal departments as needed
  • Experience responding to security event alerts, including front-line analysis and escalation, of hacktivist, cybercrime, and APT activity
  • Theoretical and practical knowledge with Mac, Linux, and Windows operating systems
  • Theoretical and practical knowledge with TCP/IP networking and application layers
  • Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
  • Experience with access/application/system log analysis, IDS/IPS alerting and data flow, and SIEM-based workflows
  • Experience with security data collection, processing, and correlation
  • Capable of following technical instructions and completing technical tasks without supervision
  • Desire to continually grow and expand both technical and soft skills
  • Contributing thought leader within the incident response industry
  • Ability to foster a positive work environment and attitude
  • Scripting experience (Bash, PowerShell, etc.)
  • Experience with REGEX and data stream editing binaries (SED, AWK, etc.)
  • Experience with host database enumeration and analysis (SQL, SQLITE3)
  • Experience with network analysis (TCPDump, TSHark/WireShark, etc.)
  • Experience with basic static and dynamic host analysis (Order of Volatility, etc.)
  • Experience with basic files analysis (permissions, ownership, metadata)
  • Working knowledge of INIT, SYSTEMD, LAUNCHD, BIOS/UEFI Boot processes
  • Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience.
  • Obtained or pursuing an undergraduate degree or direct experience in information/cyber security, information systems, or computer science
Benefits
  • Remote-friendly and flexible work culture
  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
data classificationrisk scoring methodologiesTCP/IP networkingASM (Attack Surface Mapping)Threat Huntinglog analysisSIEM-based workflowsscripting (Bash, PowerShell)REGEXnetwork analysis (TCPDump, TSHark, WireShark)
Soft skills
verbal communicationwritten communicationattention to detailindependent workcoordinationpositive work environmentthought leadershipprocess developmentdiscretionability to manage multiple investigations
Certifications
GCIAGCIHGCFAGNFAGIMEGCCCGPENOSCP