CrowdStrike, Inc.
Sr. Windows Systems & Automation Engineer (Remote)
CrowdStrike, Inc., Sunnyvale, California, United States, 94087
Overview
CrowdStrike, Inc. is seeking a Windows expert to design, automate, and secure largescale enterprise environments. The role owns core Windows platform services (AD, DNS/DHCP, NPS/RADIUS), builds and runs certificate management as a service (CMaaS), and leads automation across tens of thousands of endpoints and servers. The candidate will be the SCCM expert for endpoint computing (Windows 10/11), providing hands-on systems administration depth and top-tier troubleshooting across OS, applications, networking, and identity. The footprint is hybrid data center with multicloud (AWS + GCP). This is a full-time position.
What You'll Do
Architect, operate, and harden Active Directory (multiforest, multisite), DNS/DHCP, and NPS/RADIUS for WiFi/VPN/802.1X (EAPTLS). Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology. Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance. Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAPTLS/mTLS. Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting, CMPivot, and RBAC. Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets. Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage. Use deep diagnostics with Sysinternals, Windows Performance Toolkit, WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to identify root causes and prevent recurrence. Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins). Build self-service patterns and APIs (golden images, desired state baselines, just-in-time access). Design and operate enterprise PKI: policy-driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale. Integrate with ADCS, AWS ACM/ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, certmanager/ACME; enable EAPTLS, service mTLS, codesigning, and device certs. Standardize and harden Windows workloads in AWS and GCP environments, build reproducible images and baseline configs for domain-joined and cloud-native instances. Hands-on Windows server operations (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos); familiarity with virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring. What You'll Need
8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent). Proven track record delivering largescale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting. Experience managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAPTLS/WiFi/VPN experiences. Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention. Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing. Troubleshooting expertise using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause analysis and preventative engineering. Deep AWS experience for Windows workloads; practical GCP experience for Windows services. Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEFSIEM pipelines, and zerotrust-aligned patterns. Excellent documentation and design-writing skills; ability to influence across Infra, Security, SRE, and Networking. Bonus Points
Experience with HA/DR/Backup at scale (cross-region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management). Enterprise Linux automation (Ansible) and macOS at scale (Jamf), including certificate/SCEP integrations. Skills in IPAM/Infoblox and DHCP failover automation; DNS split-horizon and API-driven workflows. Observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets. Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation. Note: This description reflects the content of the job posting and may include marketing language intended to describe CrowdStrike’s culture and approach. Benefits
Remote-friendly and flexible work culture Market-leading compensation and equity awards Comprehensive physical and mental wellness programs Competitive vacation and holidays Paid parental and adoption leaves Professional development opportunities for all employees Employee networks, geographic groups, and volunteer opportunities Vibrant office culture with amenities Great Place to Work Certified CrowdStrike is proud to be an equal opportunity employer and does not discriminate in employment opportunities or practices on any protected basis. If you need assistance submitting an application or requesting an accommodation, please contact recruiting at the company. CrowdStrike participates in the E-Verify program. Right to Work information is available from the company. Salary range for U.S. candidates is $125,000 - $180,000 per year, with bonuses, equity, and a comprehensive benefits package. For detailed benefits information, a separate link is provided in the posting. Expected Close Date of Job Posting is 11-29-2025.
#J-18808-Ljbffr
CrowdStrike, Inc. is seeking a Windows expert to design, automate, and secure largescale enterprise environments. The role owns core Windows platform services (AD, DNS/DHCP, NPS/RADIUS), builds and runs certificate management as a service (CMaaS), and leads automation across tens of thousands of endpoints and servers. The candidate will be the SCCM expert for endpoint computing (Windows 10/11), providing hands-on systems administration depth and top-tier troubleshooting across OS, applications, networking, and identity. The footprint is hybrid data center with multicloud (AWS + GCP). This is a full-time position.
What You'll Do
Architect, operate, and harden Active Directory (multiforest, multisite), DNS/DHCP, and NPS/RADIUS for WiFi/VPN/802.1X (EAPTLS). Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology. Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance. Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAPTLS/mTLS. Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting, CMPivot, and RBAC. Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets. Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage. Use deep diagnostics with Sysinternals, Windows Performance Toolkit, WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to identify root causes and prevent recurrence. Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins). Build self-service patterns and APIs (golden images, desired state baselines, just-in-time access). Design and operate enterprise PKI: policy-driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale. Integrate with ADCS, AWS ACM/ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, certmanager/ACME; enable EAPTLS, service mTLS, codesigning, and device certs. Standardize and harden Windows workloads in AWS and GCP environments, build reproducible images and baseline configs for domain-joined and cloud-native instances. Hands-on Windows server operations (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos); familiarity with virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring. What You'll Need
8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent). Proven track record delivering largescale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting. Experience managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAPTLS/WiFi/VPN experiences. Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention. Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing. Troubleshooting expertise using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause analysis and preventative engineering. Deep AWS experience for Windows workloads; practical GCP experience for Windows services. Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEFSIEM pipelines, and zerotrust-aligned patterns. Excellent documentation and design-writing skills; ability to influence across Infra, Security, SRE, and Networking. Bonus Points
Experience with HA/DR/Backup at scale (cross-region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management). Enterprise Linux automation (Ansible) and macOS at scale (Jamf), including certificate/SCEP integrations. Skills in IPAM/Infoblox and DHCP failover automation; DNS split-horizon and API-driven workflows. Observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets. Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation. Note: This description reflects the content of the job posting and may include marketing language intended to describe CrowdStrike’s culture and approach. Benefits
Remote-friendly and flexible work culture Market-leading compensation and equity awards Comprehensive physical and mental wellness programs Competitive vacation and holidays Paid parental and adoption leaves Professional development opportunities for all employees Employee networks, geographic groups, and volunteer opportunities Vibrant office culture with amenities Great Place to Work Certified CrowdStrike is proud to be an equal opportunity employer and does not discriminate in employment opportunities or practices on any protected basis. If you need assistance submitting an application or requesting an accommodation, please contact recruiting at the company. CrowdStrike participates in the E-Verify program. Right to Work information is available from the company. Salary range for U.S. candidates is $125,000 - $180,000 per year, with bonuses, equity, and a comprehensive benefits package. For detailed benefits information, a separate link is provided in the posting. Expected Close Date of Job Posting is 11-29-2025.
#J-18808-Ljbffr