CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?

Senior Windows Systems Engineer, Automation

QA Automation EngineerQA Automation EngineerFull TimeRemoteTeam 5,001-10,000Since 2011H1B SponsorCompany Site LinkedIn

Location

United States

Posted

163 days ago

Salary

$125K - $180K / year

Bachelor Degree8 yrs expEnglishAWSCloudDNSEC2Google Cloud PlatformJenkinsPackerTerraformVaultVmware

Job Description

• Architect, operate, and harden Active Directory (multi‑forest, multi‑site), DNS/DHCP, and NPS/RADIUS for Wi‑Fi/VPN/802.1X (EAP‑TLS) • Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology • Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance • Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP‑TLS/mTLS • Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role‑based access • Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets • Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage • Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences • Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins) • Build self‑service patterns and APIs (golden images, desired‑state baselines, just‑in‑time access) • Design and operate enterprise PKI: policy‑driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale • Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert‑manager/ACME; enable EAP‑TLS, service mTLS, code‑signing, and device certs • Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS) • Build reproducible images and baseline configs for domain‑joined and cloud‑native instances • Hands‑on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos) • Familiarity with virtualization (VMware vSphere/Hyper‑V), backup/restore workflows, and operational monitoring

Job Requirements

8+ years designing, building, and operating enterprise Windows platforms (server + endpoint)
8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent)
Proven track record delivering large-scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting
Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP‑TLS/Wi‑Fi/VPN experiences
Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention
Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing
Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering
Deep AWS experience for Windows workloads; practical GCP experience for Windows services
Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero‑trust‑aligned patterns
Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking

Benefits

Remote-friendly and flexible work culture
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe