Intelligence Intern - Emerging Threats (Remote)

This is a highly technical position on one of two teams within the Technical Analysis Cell (TAC), at the forefront of CrowdStrike's mission against nation state and criminal adversaries. Both teams are tasked with investigating, reconstructing and reverse engineering newly discovered, malicious artifacts and documenting analysis results as a stream of intelligence reporting. We are often the first to analyze previously unknown threats. One team encounters mobile malware (primarily APKs); The other team analyses cloud activity logs; We respond quickly when needed and perform equally well at conducting detailed analysis. Communication and collaboration with other teams of CrowdStrike is highly important to facilitate this.

As distributed international teams, we are looking for an energetic self-starter with the ability to take ownership and be accountable for deliverables while at the same time supporting and helping to improve upon our analysis workflow. If you'd like to work with passionate people in a fast-paced, team-oriented environment, you've come to the right place!

Depending on the candidates aptitude we can offer a role on one of two teams: The Mobile Mission or the Cloud Mission

Cloud Mission

What You’ll Do:

• Maintain a detailed understanding of the technical details of cloud intrusions through analyzing cloud provider activity logs, such as AWS CloudTrail and Azure Activity Logs.
• Convert your understanding to an intelligence report

What You’ll Need:

• Actively enrolled in a university, studying Computer Science, Cyber Security or related field (2027 graduate).
• Familiarity with at least one cloud service provider (AWS, Azure, GCP) as a user e.g., creating identities
• Investigative mindset
• Team player: someone who is eager to help, teach, and learn from others
• Strong problem-solving skills
• Independent Learner

Bonus Points:

• Knowledge of programming and scripting languages, in particular Python
• Ability to express complex technical and non-technical concepts
• Understanding of identity and access management for at least one major cloud service provider (AWS, Azure, GCP)
• Familiarity with at least one major cloud service provider’s (AWS, Azure, GCP) cloud activity logs e.g. CloudTrail, Azure Activity logs, GCP Audit Logs