2025-10-02
CrowdStrike, Inc.
Other
/yr
employee
contract
Sunnyvale
California
94085
United States
CrowdStrike, Inc.
Full time
R24809
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
We’re looking for a Windows expert with a proven track record of designing, automating, and securing largescale enterprise environments. You’ll own core Windows platform services (AD, DNS/DHCP, NPS/RADIUS), build and run certificate management as a service (CMaaS), and lead automation across tens of thousands of endpoints and servers. You’ll also be our SCCM expert for endpoint computing (Windows 10/11), bringing handson systems administration depth and toptier troubleshooting across OS, apps, networking, and identity. Our footprint is hybrid data center with multicloud (AWS + GCP).
What You’ll Do:
Architect, operate, and harden Active Directory (multiforest, multisite), DNS/DHCP, and NPS/RADIUS for WiFi/VPN/802.1X (EAPTLS).
Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology.
Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance.
Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAPTLS/mTLS.
Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and rolebased access.
Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets.
Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage.
Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences.
Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins).
Build selfservice patterns and APIs (golden images, desiredstate baselines, justintime access).
Design and operate enterprise PKI: policydriven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale.
Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, certmanager/ACME; enable EAPTLS, service mTLS, codesigning, and device certs.
Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS).
Build reproducible images and baseline configs for domainjoined and cloudnative instances.
Handson Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos).
Familiarity with virtualization (VMware vSphere/HyperV), backup/restore workflows, and operational monitoring.
What You’ll Need:
8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent).
Proven track record delivering largescale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting.
Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAPTLS/WiFi/VPN experiences.
Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention.
Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing.
Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering.
Deep AWS experience for Windows workloads; practical GCP experience for Windows services.
Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEFSIEM pipelines, zerotrustaligned patterns.
Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking.
Bonus Points:
Experience with HA/DR/Backup at scale (crossregion AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management).
Demonstrated success with Enterprise Linux (RHEL/Ubuntu) automation (e.g., Ansible) and macOS at scale (e.g., Jamf), including certificate/SCEP integrations.
Skills inIPAM/Infoblox and DHCP failover automation; DNS splithorizon and APIdriven workflows.
Experience with observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets.
Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation.
#LI-RT1
#LI-Remote
Benefits of Working at CrowdStrike:
Remote-friendly and flexible work culture
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certifiedâ„¢ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
Right to Work
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $125.000 - $180.000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here.
Expected Close Date of Job Posting is:11-29-2025PI278540831
