
Identity Security Engineer – ITDR, CSPM
Posted 10 hours ago

This is a fully remote position, open to applicants in the United States.
• Take charge of the complete strategy, execution, and operational integrity of CrowdStrike Falcon Identity Protection and the CSPM functionalities within CrowdStrike Cloud Security.
• Actively identify identity-related threats, misconfigurations, and gaps in cloud security; ensure remediation is executed according to client policies and procedures.
• Set up, adjust, and manage identity protection policies, IOM and IOA policies, along with risk-based authentication controls.
• Function as the escalation point and a trusted technical advisor to client leadership regarding identity and cloud security issues.
• Create runbooks, detection logic, and automation processes to minimize manual work and enhance response times.
• Keep an eye on the threat landscape and convert emerging risks into actionable hardening suggestions.
• Organize and lead governance calls with stakeholders; independently generate agendas, notes, and follow-up actions.
• Collaborate with other cybersecurity teams to integrate CrowdStrike telemetry into overall security operations.
• Develop metrics, dashboards, and executive-level reports on identity and cloud security status.
• Utilize extensive knowledge of identity-based attack techniques—including lateral movement, credential theft, Kerberoasting, and pass-the-hash—to shape detection and response strategies.
• Over 7 years of experience in cybersecurity, with at least 2–3 years of direct administration of the CrowdStrike Falcon platform.
• Proven expertise with CrowdStrike Falcon Identity Protection, encompassing policy configuration, threat detection, and conditional access.
• Strong familiarity with CrowdStrike Cloud Security, particularly CSPM.
• In-depth understanding of identity and access management principles: Active Directory, Azure AD/Entra ID, LDAP, Kerberos, SAML, and OAuth.
• Practical cloud security experience with Microsoft Azure, including IAM, network security, and posture management.
• Comprehensive understanding of privileged access management and identity-based attack methods (lateral movement, credential theft, Kerberoasting, pass-the-hash).
• Demonstrated ability to work independently, prioritize tasks, and drive results without close supervision.
• Excellent written and verbal communication skills, including the ability to articulate technical risks to non-technical stakeholders.
• Experience in consulting or client-facing delivery roles.
• Bachelor’s degree in a relevant field or equivalent practical experience (4 additional years of pertinent experience).
• At least one of the following active certifications: CWNE, CNDA (EC-Council), CEH (EC-Council), GPPA (GIAC), GCUX (GIAC), GCWN (GIAC), GMON (GIAC), GSE (GIAC), ITIL v3 Foundations, CCSP (ISC2), CISSP (ISC2), CISSP-ISSAP (ISC2), CISSP-ISSEP (ISC2), SSCP (ISC2), GWEB (GIAC), GISF (GIAC), GISP (GIAC), GSSP-.NET (GIAC), GSSP-JAVA (GIAC), GSEC (GIAC), or GSLC (GIAC).
• Must be a US Citizen or Permanent Resident; eligibility and willingness to obtain a public trust clearance are required.
• All work must be conducted within the continental United States.
• Medical — A variety of POS health plan options, including an HSA-compatible plan.
• Dental — PPO coverage for preventive, basic, and major services.
• Vision — Annual examination, frames, lenses, and allowance for contact lenses.
• 401(k) — Employer matching contributions up to 5% of eligible compensation.
• PTO — 15–25 days annually based on tenure.
• Paid Federal Holidays — All 11 federal holidays are observed.