Sr. Windows Systems & Automation Engineer

Sr. Windows Systems & Automation Engineer at CrowdStrike

CrowdStrike is a global leader in cybersecurity, protecting modern organizations with its AI-native platform. We are dedicated to stopping breaches and fostering a culture of flexibility and autonomy for our talented CrowdStrikers. Join a mission that matters; the future of cybersecurity starts with you.

About The Role

As a Sr. Windows Systems & Automation Engineer, you will be a Windows expert, responsible for designing, automating, and securing large-scale enterprise environments. This role involves owning core Windows platform services like Active Directory, DNS/DHCP, and NPS/RADIUS, building Certificate Management as a Service (CMaaS), and leading automation initiatives across tens of thousands of endpoints and servers. You will also serve as the SCCM expert for endpoint computing, providing deep hands-on systems administration and troubleshooting across OS, applications, networking, and identity within a hybrid data center and multi-cloud (AWS + GCP) footprint.

What You’ll Do

• Architect, operate, and harden Active Directory (multi-forest, multi-site), DNS/DHCP, and NPS/RADIUS for Wi-Fi/VPN/802.1X (EAP-TLS).
• Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology.
• Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance.
• Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP-TLS/mTLS.
• Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role-based access.
• Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets.
• Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage.
• Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences.
• Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins).
• Build self-service patterns and APIs (golden images, desired-state baselines, just-in-time access).
• Design and operate enterprise PKI: policy-driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale.
• Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert-manager/ACME; enable EAP-TLS, service mTLS, code-signing, and device certs.
• Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS).
• Build reproducible images and baseline configs for domain-joined and cloud-native instances.
• Hands-on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos).
• Familiarity with virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring.

What You’ll Need

• 8+ years designing, building, and operating enterprise Windows platforms (server + endpoint).
• 8+ years owning Active Directory, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent).
• Proven track record delivering large-scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting.
• Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP-TLS/Wi-Fi/VPN experiences.
• Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention.
• Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing.
• Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering.
• Deep AWS experience for Windows workloads; practical GCP experience for Windows services.
• Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero-trust-aligned patterns.
• Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking.

Bonus Points

• Experience with HA/DR/Backup at scale (cross-region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management).
• Demonstrated success with Enterprise Linux (RHEL/Ubuntu) automation (e.g., Ansible) and macOS at scale (e.g., Jamf), including certificate/SCEP integrations.
• Skills in IPAM/Infoblox and DHCP failover automation; DNS split-horizon and API-driven workflows.
• Experience with observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets.
• Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation.

Benefits Of Working At CrowdStrike

• Market leader in compensation and equity awards.
• Comprehensive physical and mental wellness programs.
• Competitive vacation and holidays for recharge.
• Paid parental and adoption leaves.
• Professional development opportunities for all employees.
• Employee Networks, geographic neighborhood groups, and volunteer opportunities.
• Vibrant office culture with world class amenities.
• Great Place to Work Certified™ across the globe.

Key skills/competency

• Windows Systems Administration
• Active Directory
• SCCM/MECM
• PowerShell Automation
• PKI/Certificate Management
• Cloud Infrastructure (AWS, GCP)
• Cybersecurity
• Endpoint Security
• Networking (DNS/DHCP/NPS)
• Troubleshooting