Senior Windows Systems Engineer, Automation

October 2

Apply Now

Receive Emails with Similar Jobs

CrowdStrike

WebsiteLinkedInAll Job Openings

Cybersecurity • SaaS • Artificial Intelligence

CrowdStrike is a cybersecurity company that provides cloud-based security services to stop breaches. It is recognized as a leader in endpoint protection, identity and cloud security, and managed detection and response. CrowdStrike's platform, Falcon, integrates artificial intelligence to offer real-time visibility, detection, and protection against sophisticated cyber threats. The company is lauded for its effectiveness in securing networks and data, making it a trusted partner for businesses worldwide.

5001 - 10000 employees

Founded 2011

🔒 Cybersecurity

☁️ SaaS

🤖 Artificial Intelligence

📋 Description

• Architect, operate, and harden Active Directory (multi‑forest, multi‑site), DNS/DHCP, and NPS/RADIUS for Wi‑Fi/VPN/802.1X (EAP‑TLS) • Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology • Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance • Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP‑TLS/mTLS • Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role‑based access • Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets • Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage • Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences • Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins) • Build self‑service patterns and APIs (golden images, desired‑state baselines, just‑in‑time access) • Design and operate enterprise PKI: policy‑driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale • Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert‑manager/ACME; enable EAP‑TLS, service mTLS, code‑signing, and device certs • Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS) • Build reproducible images and baseline configs for domain‑joined and cloud‑native instances • Hands‑on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos) • Familiarity with virtualization (VMware vSphere/Hyper‑V), backup/restore workflows, and operational monitoring

🎯 Requirements

• 8+ years designing, building, and operating enterprise Windows platforms (server + endpoint) • 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent) • Proven track record delivering large-scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting • Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP‑TLS/Wi‑Fi/VPN experiences • Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention • Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing • Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering • Deep AWS experience for Windows workloads; practical GCP experience for Windows services • Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero‑trust‑aligned patterns • Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking

🏖️ Benefits

• Remote-friendly and flexible work culture • Market leader in compensation and equity awards • Comprehensive physical and mental wellness programs • Competitive vacation and holidays for recharge • Paid parental and adoption leaves • Professional development opportunities for all employees regardless of level or role • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections • Vibrant office culture with world class amenities • Great Place to Work Certified™ across the globe