Engineer II, Threat Detection - Windows (Hybrid)

CrowdStrikeRedmond, WA
$100,000 - $145,000Hybrid

About The Position

The CrowdStrike Endpoint Protection (EPP) Content Response team is seeking an experienced and passionate professional to analyze intrusions, threat campaigns, and malware — and to drive efforts to mitigate them by implementing robust behavioral detection coverage on the Falcon sensor platform. The Content Response Team improves detection capability and efficiency through tactical analysis of ongoing attacks by criminal and nation-state actors impacting our customers, translating observed attacker behavior into high-fidelity endpoint detections deployed at global scale. The role requires independent work as well as the ability to collaborate across threat intelligence, engineering, and operational teams. You will be expected to take initiative identifying and solving detection gaps that directly protect our customers. You will be part of a cutting-edge threat detection team regularly facing off against sophisticated techniques and well-resourced adversaries. This role is hybrid, requiring 2-3 days per week on-site at one of the posted locations.

Requirements

  • Must be eligible for CJIS clearance (requires U.S. citizenship or Green Card/permanent resident status).
  • Bachelor's degree in information security, computer science, or related field — or 4+ years of equivalent hands-on experience in detection engineering, threat analysis, or endpoint security
  • Experience with endpoint detection platforms, EDR tooling, or detection-driven security workflows
  • Proficiency in Windows OS internals and APIs (process creation, registry, file system, memory management, authentication subsystems)
  • Experience with behavioral malware analysis, sandboxing, telemetry collection, and detectable behaviors from execution logs or Windows forensics
  • Working knowledge of regular expressions and pattern-based detection authoring
  • Ability to read and understand various programming languages and PowerShell; scripting proficiency in Python for automation and analysis
  • Experience analyzing endpoint telemetry or host-based log data to identify malicious patterns
  • Solid working knowledge of common adversary TTPs and the ability to translate threat intelligence into detection logic
  • Ability to assess cyber threat intelligence, open-source intelligence, or partner reporting for actionable detection opportunities
  • Passion for detection engineering, threat analysis, or security research, with the motivation to keep learning and growing
  • Comfortable using AI-assisted tooling as a daily force multiplier, not just a novelty
  • Energetic self-starter mentality with the ability to take ownership and be accountable for deliverables
  • Clear written and verbal communication skills to drive triage, convey detection rationale, and align cross-functionally with both technical and executive-level stakeholders
  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.

Nice To Haves

  • Experience writing behavioral detection rules or signatures for an endpoint security product (IOA/IOC logic, behavioral engines, or equivalent)
  • Experience with regex optimization or pattern matching in performance-sensitive contexts
  • Familiarity with detection precision concepts: true/false positive analysis, disposition workflows, and tuning at scale
  • Experience with detection content lifecycle management (development → testing → staged deployment → monitoring)
  • Understanding of behavioral detection paradigms: process tree analysis, parent-child relationships, API call sequences, and living-off-the-land technique identification
  • Familiarity with MITRE ATT&CK adversary tactics and techniques
  • Experience in a security operations center or similar environment tracking threat actors and responding to incidents
  • Experience building test environments, lab infrastructure, or automation to improve detection development workflows
  • Working knowledge of agentic AI CLIs and skills for detection engineering workflows
  • Contributions to the open-source community (GitHub, Stack Overflow, blogging) or published research (conferences, blogs, articles)

Responsibilities

  • Analyze emerging threats, campaigns, intrusion data, and malware execution telemetry to identify detectable behaviors and coverage gaps
  • Author and optimize behavioral detection rules (Indicators of Attack) targeting adversary techniques observed on Windows endpoints
  • Query and analyze endpoint telemetry (process execution, file system, registry, memory, authentication events) to validate detection hypotheses and assess coverage
  • Monitor detection precision metrics, investigate false positives, and tune detections to maintain high signal-to-noise ratios
  • Manage detections through a structured lifecycle: development, validation, staged deployment, and production monitoring
  • Collaborate with threat intelligence and incident response teams to prioritize detection development based on active threat campaigns

Benefits

  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe
  • health insurance
  • 401k
  • paid time off
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service