Staff Windows Systems & Automation Engineer (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

We’re looking for a Windows expert with a proven track record of designing, automating, and securing large‑scale enterprise environments. You’ll own core Windows platform services (AD, DNS/DHCP, NPS/RADIUS), build and run certificate management as a service (CMaaS), and lead automation across tens of thousands of endpoints and servers. You’ll also be our SCCM expert for endpoint computing (Windows 10/11), bringing hands‑on systems administration depth and top‑tier troubleshooting across OS, apps, networking, and identity. Our footprint is hybrid data center with multi‑cloud (AWS + GCP).

What You’ll Do:

• Architect, operate, and harden Active Directory (multi‑forest, multi‑site), DNS/DHCP, and NPS/RADIUS for Wi‑Fi/VPN/802.1X (EAP‑TLS).

• Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology.

• Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance.

• Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP‑TLS/mTLS.

• Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role‑based access.

• Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets.

• Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage.

• Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences.

• Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins).

• Build self‑service patterns and APIs (golden images, desired‑state baselines, just‑in‑time access).

• Design and operate enterprise PKI: policy‑driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale.

• Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert‑manager/ACME; enable EAP‑TLS, service mTLS, code‑signing, and device certs.

• Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS).

• Build reproducible images and baseline configs for domain‑joined and cloud‑native instances.

• Hands‑on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos).

• Familiarity with virtualization (VMware vSphere/Hyper‑V), backup/restore workflows, and operational monitoring.

What You’ll Need:

• 8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent).

• Proven track record delivering large‑scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting.

• Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP‑TLS/Wi‑Fi/VPN experiences.

• Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention.

• Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing.

• Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering.

• Deep AWS experience for Windows workloads; practical GCP experience for Windows services.

• Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero‑trust‑aligned patterns.

• Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking.

Bonus Points:

• Experience with HA/DR/Backup at scale (cross‑region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management).

• Demonstrated success with Enterprise Linux (RHEL/Ubuntu) automation (e.g., Ansible) and macOS at scale (e.g., Jamf), including certificate/SCEP integrations.

• Skills inIPAM/Infoblox and DHCP failover automation; DNS split‑horizon and API‑driven workflows.

• Experience with observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets.

• Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation.

#LI-RT1

#LI-Remote

Benefits of Working at CrowdStrike:

• Remote-friendly and flexible work culture

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

Right to Work

CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $125.000 - $180.000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.

For detailed information about the U.S. benefits package, please click here. 

Expected Close Date of Job Posting is:11-29-2025