×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Engineer II, Threat Detection - Windows; Hybrid

Job in Sunnyvale, Santa Clara County, California, 94086, USA
Listing for: CrowdStrike
Full Time, Part Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Position: Engineer II, Threat Detection - Windows (Hybrid)

Crowdstrike Endpoint Protection (Epp) Content Response Team

The Crowd Strike Endpoint Protection (EPP) Content Response team is seeking an experienced and passionate professional to analyze intrusions, threat campaigns, and malware — and to drive efforts to mitigate them by implementing robust behavioral detection coverage on the Falcon sensor platform. The Content Response Team improves detection capability and efficiency through tactical analysis of ongoing attacks by criminal and nation-state actors impacting our customers, translating observed attacker behavior into high-fidelity endpoint detections deployed at global scale.

The role requires independent work as well as the ability to collaborate across threat intelligence, engineering, and operational teams. You will be expected to take initiative identifying and solving detection gaps that directly protect our customers. You will be part of a cutting-edge threat detection team regularly facing off against sophisticated techniques and well-resourced adversaries.

This role is hybrid, requiring 2-3 days per week on-site at one of the posted locations.

What You'll Do:

  • Analyze emerging threats, campaigns, intrusion data, and malware execution telemetry to identify detectable behaviors and coverage gaps
  • Author and optimize behavioral detection rules (Indicators of Attack) targeting adversary techniques observed on Windows endpoints
  • Query and analyze endpoint telemetry (process execution, file system, registry, memory, authentication events) to validate detection hypotheses and assess coverage
  • Monitor detection precision metrics, investigate false positives, and tune detections to maintain high signal-to-noise ratios
  • Manage detections through a structured lifecycle: development, validation, staged deployment, and production monitoring
  • Collaborate with threat intelligence and incident response teams to prioritize detection development based on active threat campaigns

What You'll Need:

  • Must be eligible for CJIS clearance (requires U.S. citizenship or Green Card/permanent resident status).
  • Bachelor's degree in information security, computer science, or related field — or 4+ years of equivalent hands-on experience in detection engineering, threat analysis, or endpoint security
  • Experience with endpoint detection platforms, EDR tooling, or detection-driven security workflows
  • Proficiency in Windows OS internals and APIs (process creation, registry, file system, memory management, authentication subsystems)
  • Experience with behavioral malware analysis, sandboxing, telemetry collection, and detectable behaviors from execution logs or Windows forensics
  • Working knowledge of regular expressions and pattern-based detection authoring
  • Ability to read and understand various programming languages and Power Shell; scripting proficiency in Python for automation and analysis
  • Experience analyzing endpoint telemetry or host-based log data to identify malicious patterns
  • Solid working knowledge of common adversary TTPs and the ability to translate threat intelligence into detection logic
  • Ability to assess cyber threat intelligence, open-source intelligence, or partner reporting for actionable detection opportunities
  • Passion for detection engineering, threat analysis, or security research, with the motivation to keep learning and growing
  • Comfortable using AI-assisted tooling as a daily force multiplier, not just a novelty
  • Energetic self-starter mentality with the ability to take ownership and be accountable for deliverables
  • Clear written and verbal communication skills to drive triage, convey detection rationale, and align cross-functionally with both technical and executive-level stakeholders
  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.

Bonus Points:

  • Experience writing behavioral detection rules or signatures for an endpoint security product (IOA/IOC logic, behavioral engines, or equivalent)
  • Experience with regex optimization or pattern matching in performance-sensitive contexts
  • Familiarity with detection precision concepts: true/false positive analysis, disposition workflows, and tuning at scale
  • Experience with detection content lifecycle management (development → testing → staged deployment → monitoring)
  • Understanding of behavioral detection paradigms: process tree analysis, parent-child relationships, API call sequences, and living-off-the-land technique identification
  • Familiarity with MITRE ATT&CK adversary tactics and techniques
  • Experience in a security operations center or similar environment tracking threat actors and responding to incidents
  • Experience building test environments, lab infrastructure, or automation to improve detection development workflows
  • Working knowledge of agentic AI CLIs and skills for detection engineering workflows
  • Contributions to the open-source community (Git Hub, Stack Overflow, blogging) or published research (conferences, blogs, articles)
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary