CrowdStrike Administrator

We are seeking a CrowdStrike Administrator with at least 4 years of hands-on CrowdStrike experience to join a small team in the design, deployment, and optimization of the CrowdStrike platform for a DoD organization. This role will help stand up and mature an initial pilot focused on Oracle Cloud Infrastructure (OCI) and managed endpoints across a global enterprise, with a small AWS footprint as well. The expectation is to eventually scale the solution from pilot to full enterprise deployment. The administrator will serve as a technical contributor to architecture, policy design, integration, automation, and operational readiness. This position is ideal for a hands-on practitioner who can execute reliably in a structured, mission-focused environment.

Key Responsibilities

  • Contribute to technical design and implementation of the CrowdStrike platform for a pilot deployment across cloud and endpoint environments. Post-deployment, provide ongoing operations and maintenance (O&M) for the platform.
  • Experience with full module deployment of CrowdStrike (Falcon Prevent, Insight, Insight XDR, Spotlight, Discover, Device Control, Cloud Security, Identity Protection, FileVantage [FIM], Data Protection, Falcon for IT, Exposure Management, Falcon for Mobile, Falcon Foundry, Falcon X Recon, Falcon Search Retention, Falcon Sandbox).
  • Administer CrowdStrike policies, host groups, prevention settings, exclusions, user roles, and platform configurations.
  • Support rollout of the pilot across cloud-connected workloads and managed endpoints in multiple geographic regions.
  • Validate sensor health, deployment status, asset coverage, and operational reporting. Tune detections and prevention policies to balance security effectiveness and operational impact.
  • Integrate CrowdStrike with enterprise security tooling such as SIEM, SOAR, ITSM, vulnerability management, and asset inventory platforms.
  • Assist with onboarding of AWS and OCI assets into the CrowdStrike operating model.
  • Create automation for deployment, monitoring, reporting, and operational workflows using scripting and infrastructure/platform tooling.
  • Monitor alerts, investigate events, and perform initial triage and escalation in coordination with engineering and security operations teams.
  • Develop dashboards, metrics, and reports for pilot performance, adoption, coverage, and risk reduction.
  • Produce engineering documentation, implementation plans, SOPs, runbooks, and transition artifacts for steady-state operations.
  • Work within Agile project teams, attending ceremonies (stand-ups, sprints, retrospectives) and using Jira for ticketing, backlog tracking, and documentation.
  • Ensure alignment with DoD cybersecurity requirements, enterprise governance, and operational constraints, especially Zero Trust requirements.
  • Mentor junior administrators and support knowledge transfer into steady-state operations.
  • Other duties as assigned and operationally required.


Required Qualifications

  • 6+ years of experience in cybersecurity, endpoint security, systems security, or security engineering.
  • 4+ years of hands-on experience with CrowdStrike administration, engineering, deployment, or platform operations.
  • Experience supporting policy management, alert triage, endpoint deployment, and platform health monitoring. The most competitive candidates will have endpoint security experience with Trellix as well.
  • Familiarity with enterprise endpoint environments and remote/global workforce support.
  • Working knowledge of OCI and/or OCI security and operational concepts.
  • Experience with security operations processes, ticketing, documentation, and escalation workflows.
  • Familiarity with DoD or federal cybersecurity frameworks and operational environments.
  • Minimum Secret clearance and ability to meet DoD 8140 privileged access requirements.
  • Strong analytical and problem-solving skills; detail-oriented with a focus on operational excellence.
  • Skilled communicator, able to collaborate with IT, cybersecurity, and mission teams in written and verbal communications with a positive attitude and customer-first approach.
  • Proactive learner—stays current on CrowdStrike and endpoint security operations best practices.


Preferred Qualifications

  • Prior experience with Trellix (formerly McAfee Enterprise) endpoint security tools and migration or coexistence planning.
  • Experience leading pilots, proofs of value, or phased enterprise rollouts of security platforms, as well as experience with large-scale global endpoint environments.
  • Relevant certifications (including, but not limited to, Security+, CySA+, CASP+, CISSP, AWS Security Specialty, CrowdStrike, OCI, etc. certifications). Note that this is in addition to the required DoD 8140 certification(s).
  • Experience with scripting or automation (e.g., PowerShell, Python, Bash) for deployment and administration.
  • Experience with SIEM integrations and operational reporting.
  • Familiarity with DoD cybersecurity operations, RMF-aligned environments, or federal security requirements.

