Sr. Intelligence Analyst, GTAC Vulnerability Mission (Remote)

About the role:

CrowdStrike Counter Adversary Operations (CAO), a core component of CrowdStrike, is seeking a motivated Senior Intelligence Analyst with excellent analysis skills for the Global Threat Analysis Cell (GTAC) to identify, research and track vulnerabilities in use by adversaries. This role will be focused on tracking and documenting exploitation techniques that are observed in the wild and their use by targeted intrusion, eCrime, hacktivist and other adversaries in close collaboration with other subject matter experts on the Intelligence team. This position serves an important role in increasing our understanding of exploit trends in the global threat landscape, contributing to the continuous tracking of criminal and state-sponsored adversary groups, and ultimately developing finished intelligence products. 

The ideal candidate for this position is a specialist in strategic and operational analysis of vulnerabilities and exploits with the ability to track the adversary landscape based on observed intrusion behavior. They will demonstrate previous experience developing tools, processes, and technology to support predictive analysis of adversaries and their tactics.  We are also open to applications by experienced and talented Intelligence Analysts without significant vulnerability knowledge that are demonstrate an ability to rapidly expand their skills to meet the following requirements:

What You’ll do::

• Identify threats, trends, and new developments in vulnerabilities and exploit behavior by adversaries while  synthesizing raw intelligence and data from numerous data sources

• Identify and monitor the Tactics, Techniques, and Procedures (TTPs) employed by cyber threat actors that use exploits

• Digest, analyze, model and structure data relationships to support the identification and description of malicious activities.

• Apply understood analytic tradecraft to gathered intelligence in a consistent manner

• Produce  finished intelligence analysis to internal and external customers through written reporting of varied depth on short deadlines, with minimal supervision

• Collaborate across teams to inform various functions within CrowdStrike about activity of interest and to coordinate adversary/campaign tracking 

• Develop tools, processes, and technology to support predictive analysis of adversaries and tactics based on vulnerabilities/exploits.

• Identify intelligence gaps and submit requests for information to fill gaps

• Conduct briefings as needed for a variety of levels of customers as requested (via either phone, video conference, webcast, in-person briefing, or industry conference)

What You’ll Need:

• Minimum of 2-3 years’ experience in a threat intelligence environment

• Motivated self-starter with experience in the cyber threat intelligence field, preferably with experience in researching and reporting on exploits and exploit behavior by adversaries

• Ability to produce quality finished intelligence products on short deadlines, as well as continuing to maintain analysis for and report on long term strategic assessments

• Knowledge of analytic tradecraft including the production of intelligence assessments

• Basic knowledge of how vulnerabilities are discovered and exploits are developed, (e.g. understanding of common remote network exploitation and/or local privilege escalation techniques)

• Ability to identify and track adversary tradecraft and trends for actors of all types 

• Experience with technical indicators from malware, logs,  and/or PCAP through leveraging resources for analysis of infrastructure, samples, and link analysis.

• Familiarity or aptitude to learn basic signature writing (e.g .YARA, Snort, Zeek etc.)

• Knowledge of operating system fundamentals (e.g. Windows, Linux, macOS) and networking concepts

• Desire to extend knowledge on intelligence tradecraft and technical terminology relevant to vulnerability intelligence, as well as provide assistance to other members of the intelligence team.

Bonus Points:

• Previous experience as an All-Source intelligence analyst at a national level intelligence organization

• General understanding of network and host log analysis with a foundational knowledge of Incident Response (IR) processes and procedures

• Familiarity with EDR and SIEM solutions 

• Experience using, developing, deploying and honeypots

Education:

Undergraduate degree, military training or relevant experience in cyber intelligence, computer science, general intelligence studies, security studies, political science, international relations, etc. Other relevant technical security certifications, conference presentations and academic research will be considered as well.

#LI-Remote

#LI-EV1

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs

• Competitive vacation and holidays for recharge

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at [email protected] for further assistance.