went through the CrowdStrike ML engineer loop in March. role was on their AI/ML team building threat detection models, not NLP, not recommendations. applied ML for security. i'll be direct about what they test.
where this role sits: CrowdStrike uses ML heavily in their Falcon platform for malware classification, behavioral anomaly detection, and threat hunting. the ML eng role here is not about building chatbots. it's about models that need to be fast, explainable enough for security analysts, and robust against adversarial manipulation. keep that in mind in every answer.
the loop was 6 rounds.
ml fundamentals. they tested gradient boosting deeply. why XGBoost over a random forest for a specific problem. how do you handle class imbalance when 0.01% of your samples are malicious. precision vs recall tradeoffs when false negatives mean missed attacks (they really care about this framing). i got an ROC/AUC question and a question about feature importance methods. SHAP came up. know SHAP.
ml system design. design a file classification system: given a feature vector representing a PE binary (file type, section entropy, imports), build a pipeline that classifies it as malicious or benign with sub-50ms latency at inference. i talked through: feature engineering, model choice (they wanted something interpretable, not a black box), serving infrastructure, monitoring for data drift, and adversarial robustness. they really probed adversarial: what happens when an attacker knows your features and crafts a binary to evade your model.
coding. two rounds of real coding. one was a data processing problem: given a stream of file scan events, compute a rolling 5-minute window of detection rate per endpoint. this is basically a pipeline problem with a streaming flavor. the other was implementing a simple decision tree from scratch. not a trick question, they want to see you understand the math.
behavioral. one round, standard. they asked about a time a model you deployed behaved unexpectedly in production and what you did.
cross-functional. talking with a product manager and a security researcher. they wanted to see if i could translate model outputs into something an analyst could act on.
what to prep: gradient boosted trees, anomaly detection, adversarial ML basics, precision/recall tradeoffs with very imbalanced classes, model serving at low latency, SHAP. python is table stakes. tensorflow/pytorch less important than understanding the model math.
comp: senior MLE, Austin, base $165k, RSU $200k/4yr. strong for Austin, especially in security.