Staff Windows Systems & Automation Engineer (Remote)

CrowdStrike-posted 3 months ago
$125,000 - $180,000/Yr
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

  • Architect, operate, and harden Active Directory (multi‑forest, multi‑site), DNS/DHCP, and NPS/RADIUS for Wi‑Fi/VPN/802.1X (EAP‑TLS).
  • Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology.
  • Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance.
  • Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP‑TLS/mTLS.
  • Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role‑based access.
  • Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets.
  • Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage.
  • Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences.
  • Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins).
  • Build self‑service patterns and APIs (golden images, desired‑state baselines, just‑in‑time access).
  • Design and operate enterprise PKI: policy‑driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale.
  • Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert‑manager/ACME; enable EAP‑TLS, service mTLS, code‑signing, and device certs.
  • Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS).
  • Build reproducible images and baseline configs for domain‑joined and cloud‑native instances.
  • Hands‑on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos).
  • Familiarity with virtualization (VMware vSphere/Hyper‑V), backup/restore workflows, and operational monitoring.
  • 8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent).
  • Proven track record delivering large‑scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting.
  • Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP‑TLS/Wi‑Fi/VPN experiences.
  • Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention.
  • Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing.
  • Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering.
  • Deep AWS experience for Windows workloads; practical GCP experience for Windows services.
  • Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero‑trust‑aligned patterns.
  • Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking.
  • Experience with HA/DR/Backup at scale (cross‑region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management).
  • Demonstrated success with Enterprise Linux (RHEL/Ubuntu) automation (e.g., Ansible) and macOS at scale (e.g., Jamf), including certificate/SCEP integrations.
  • Skills in IPAM/Infoblox and DHCP failover automation; DNS split‑horizon and API‑driven workflows.
  • Experience with observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets.
  • Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation.
  • Remote-friendly and flexible work culture
  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service