Senior CrowdStrike Falcon Security Engineer

Robert Half
Coppell, TX

About the Role

We're looking for a Senior Security Engineer with deep hands-on expertise in CrowdStrike Falcon to join a high-impact security team. You'll own the deployment, tuning, and operationalization of the Falcon platform across a complex enterprise environment, and serve as the internal subject matter expert for endpoint detection and response (EDR).

What You'll Do

  • Architect, deploy, and manage CrowdStrike Falcon across enterprise endpoints (Windows, macOS, Linux)
  • Develop and tune detection policies, prevention policies, and custom IOAs (Indicators of Attack) to reduce noise and improve fidelity
  • Lead threat hunting initiatives using Falcon's Event Search and Investigate capabilities
  • Integrate Falcon with SIEM platforms (e.g., Splunk, Sentinel) and SOAR tools for automated response workflows
  • Respond to and investigate endpoint-based incidents, leading root cause analysis and remediation efforts
  • Collaborate with SOC, IT, and infrastructure teams to ensure consistent sensor coverage and health
  • Establish and maintain dashboards, reporting, and KPIs around endpoint security posture
  • Evaluate and implement new Falcon modules (e.g., Spotlight, Identity Protection, Discover) as the business scales
  • Mentor junior security engineers and contribute to internal documentation and runbooks

What You Bring

  • 5–8 years of experience in cybersecurity, with at least 3 years hands-on with CrowdStrike Falcon
  • Strong understanding of EDR concepts, threat detection methodology, and adversary tactics (MITRE ATT&CK)
  • Experience writing custom detection logic — Falcon Fusion, RTR scripts, or custom IOAs
  • Proficiency with query languages such as Splunk SPL or KQL for log analysis
  • Solid grasp of endpoint OS internals (Windows event logs, process trees, registry, macOS/Linux equivalents)
  • Experience supporting incident response investigations from an EDR perspective
  • Familiarity with cloud environments (AWS, Azure, or GCP) and securing cloud workloads via Falcon

Nice to Have

  • CrowdStrike certifications (CCFA, CCFR, or CCFH)
  • Experience with Falcon Data Replicator (FDR) or Humio/LogScale
  • Scripting skills in Python or PowerShell for automation
  • Prior experience in a SOC, MSSP, or consulting environment