Sr. Windows Systems & Automation Engineer (Remote) jobs in United States
cer-icon
Apply on Employer Site
company-logo

CrowdStrike · 3 months ago

Sr. Windows Systems & Automation Engineer (Remote)

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level, Lead/Staff
date8+ years exp

CrowdStrike is a global leader in cybersecurity, dedicated to stopping breaches and redefining modern security with its AI-native platform. The company is seeking a Sr. Windows Systems & Automation Engineer who will be responsible for designing, automating, and securing large-scale enterprise environments, managing core Windows platform services, and leading automation across numerous endpoints and servers.

Artificial Intelligence (AI)Cloud Data ServicesCloud SecurityCyber SecurityNetwork Security
check
Growth Opportunities
check
H1B Sponsor Likelynote

Responsibilities

Architect, operate, and harden Active Directory (multi‑forest, multi‑site), DNS/DHCP, and NPS/RADIUS for Wi‑Fi/VPN/802.1X (EAP‑TLS)
Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology
Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance
Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, credential hardening, and certificate deployment for EAP‑TLS/mTLS
Lead SCCM/MECM architecture and operations: Task Sequences/OSD, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting/CMPivot, and role‑based access
Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets
Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage
Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences
Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins)
Build self‑service patterns and APIs (golden images, desired‑state baselines, just‑in‑time access)
Design and operate enterprise PKI: policy‑driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale
Integrate with ADCS, AWS ACM / ACM Private CA, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert‑manager/ACME; enable EAP‑TLS, service mTLS, code‑signing, and device certs
Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS)
Build reproducible images and baseline configs for domain‑joined and cloud‑native instances
Hands‑on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos)
Familiarity with virtualization (VMware vSphere/Hyper‑V), backup/restore workflows, and operational monitoring

Qualification

Active DirectorySCCM/MECMWindows AutomationEndpoint SecurityPowerShellTerraformAWSGCPTroubleshootingSecurity Best PracticesDocumentationTeam Collaboration

Required

8+ years designing, building, and operating enterprise Windows platforms (server + endpoint); 8+ years owning AD, DNS/DHCP, NPS at large scale (10k+ endpoints or equivalent)
Proven track record delivering large‑scale SCCM (MECM) programs: OSD/Task Sequences, application packaging, SUP/WSUS patching at fleet scale, compliance baselines, and reporting
Experience Managing endpoint computing outcomes: high patch compliance, stable driver/firmware lifecycle, reduced login times, and resilient EAP‑TLS/Wi‑Fi/VPN experiences
Experience with PKI/CMaaS implementations (ADCS, ACM Private CA, GCP CAS, Venafi, Vault PKI, ACME) with automated issuance/renewal and expiry prevention
Experience with Automation/IaC (PowerShell/DSC, Terraform, Packer) with CI/CD and testing
Troubleshooting expertise: demonstrated success using Sysinternals, WPR/WPA, WinDbg, ETW/WEF, PerfMon, Wireshark, and Windows eventing to drive root cause and preventative engineering
Deep AWS experience for Windows workloads; practical GCP experience for Windows services
Strong security background: Windows hardening, least privilege/tiered admin, RBAC/PAM integration, WEF→SIEM pipelines, zero‑trust‑aligned patterns
Excellent docs/design writing; ability to lead through influence across Infra, Security, SRE, and Networking

Preferred

Experience with HA/DR/Backup at scale (cross‑region AD/DNS designs; Veeam/Rubrik/Cohesity; immutable backups and key management)
Demonstrated success with Enterprise Linux (RHEL/Ubuntu) automation (e.g., Ansible) and macOS at scale (e.g., Jamf), including certificate/SCEP integrations
Skills in IPAM/Infoblox and DHCP failover automation; DNS split‑horizon and API‑driven workflows
Experience with observability at scale (WEF subscriptions, SCOM, Prometheus Windows exporters), SLOs, and error budgets
Knowledge of compliance frameworks (SOC 2, ISO 27001) and evidence automation

Benefits

Remote-friendly and flexible work culture
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe

Company

CrowdStrike

twittertwittertwitter
Glassdoor4.2
company-logo
CrowdStrike is a cybersecurity technology firm that provides cloud-delivered protection for cloud workloads, identity, and data.
dateFounded in 2011
location
Sunnyvale, California, USA
people-size5001-10000 employees
web-link
http://www.crowdstrike.com

H1B Sponsorship

CrowdStrike has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (116)
2024 (62)
2023 (91)
2022 (60)
2021 (49)
2020 (22)

Funding

Current Stage
Public Company
Total Funding
$1.24B
Key Investors
ARK Investment ManagementAccelCapitalG
2022-12-01Post Ipo Equity· $4.6M
2021-01-12Post Ipo Debt· $750M
2019-06-12IPO

Leadership Team

leader-logo
George Kurtz
President / CEO & Founder
linkedin
leader-logo
Zeki Turedi
Field CTO Europe
linkedin

Recent News

thefly.com
CrowdStrike to acquire SGNL to transform identity security for AI era
2026-01-09
IT Pro
Startups get seal of approval from CrowdStrike, AWS, and Nvidia
2026-01-07
PR Newswire
SurePath AI Selected for the 2026 CrowdStrike, AWS & NVIDIA Cybersecurity Startup Accelerator
2026-01-06
Company data provided by crunchbase