Sr. Crowdstrike Engineer – Endpoint Security
Company | Charles Schwab |
---|---|
Location | Lone Tree, CO, USA; Austin, TX, USA; Southlake, TX, USA; Omaha, NE, USA; Phoenix, AZ, USA |
Salary | Not provided |
Type | Full-Time |
Degrees | |
Experience Level | Senior, Expert or higher |
Requirements
- 5+ years of experience configuring and maturing endpoint security programs, with at least 3 years of hands-on expertise in CrowdStrike Falcon (including EDR, Identity Protection, Data Protection, Exposure Management, SaaS Security, NG-SIEM, Fusion, CWP, or FIM)
- Proven track record of deploying, configuring, and tuning CrowdStrike agents across enterprise environments (Windows, macOS, Linux)
- Strong understanding of endpoint detection and response (EDR), threat hunting, IOC/IOA development, and real-time response (RTR)
- Experience writing and updating queries in CrowdStrike Query Language or a similar SIEM query language (e.g., Splunk)
- Experience integrating CrowdStrike with SIEM/SOAR platforms
- Experience integrating multiple security tools to provide enhanced visibility and monitoring capabilities
- Experience developing advanced workflows leveraging the CrowdStrike platform
- Ability to leverage CrowdStrike telemetry to support incident response investigations
- Comfortable collaborating with SOC, threat intel, and infrastructure teams to refine detection logic and reduce false positives
- Knowledge of MITRE ATT&CK, malware behaviors, and threat actor TTPs as they relate to endpoint security
- Advanced experience with scripting (PowerShell, Python, Bash) for automation and custom response actions
- Develop and report enterprise level metrics for endpoint security controls
- Architect solutions (initial state, transition, final state architectures)
- Provide compliance and audit evidence for monitored systems
- Document, publish, and maintain a knowledge base of information pertaining to the functionality, processes, and procedures related to the supported tools
Responsibilities
- Leading the engineering efforts and implementation of endpoint security capabilities in CrowdStrike, including EDR, NG-SIEM, DLP, IDP, and Zero Trust
- Leading the implementation and adoption of CrowdStrike modules while ensuring all regulatory and compliance standards are met
- Collaborating with product and project teams to understand their needs and enable them with security products
- Strong analysis and decision-making skills with the ability to identify opportunities to mature endpoint security offerings
- Participating in technical cross-functional sessions and ensuring adherence to change and configuration management principles
- Assessing issues and developing resolutions to meet productivity, quality goals, and objectives
Preferred Qualifications
- CrowdStrike certifications (e.g., CCFR, CCFP) are highly desirable
- CISSP, CISM, or other relevant information security industry recognized certification preferred