- Manager, Incident Response
Description
Kroll's Cyber Data & Resilience practice is launching a specialized Next Generation SIEM and MDR Enablement Team focused on CrowdStrike LogScale and the broader Falcon platform. We are seeking a technically driven SIEM engineer with deep experience in CrowdStrike Falcon, LogScale, and automation who is passionate about building detection and visibility frameworks that redefine modern security operations.
As part of this new practice, you will:
- Design and deploy CrowdStrike LogScale environments for mid-market and enterprise clients.
- Build scalable data-ingestion pipelines and detection logic.
- Automate deployments and configuration using Terraform, Ansible, and PowerShell.
- Collaborate with threat detection, DFIR, and MDR teams to translate real-world incident insights into reusable detections and response playbooks.
This is a hands-on engineering role for someone who wants to shape the foundation of Kroll's CrowdStrike Next Gen SIEM offering.
Day-to-Day Responsibilities:
- Architect, deploy, and operationalize CrowdStrike LogScale for enterprise and managed clients.
- Integrate LogScale with Falcon modules (Prevent, Insight, Identity, Discover, Cloud Security).
- Develop custom detection logic, correlation rules, and visualization dashboards.
- Automate infrastructure and onboarding with Terraform, Ansible, and scripting in PowerShell / Python.
- Configure and manage multi-tenant environments via CrowdStrike Flight Control and Azure Lighthouse.
- Partner with Kroll's MDR analysts to fine-tune detections and response workflows.
- Create and maintain baseline configuration templates, reusable IaC modules, and API integrations.
- Document deployment procedures and contribute to accelerator development for repeatable client delivery.
- Support post-breach clients by enabling detection maturity and monitoring readiness.
Qualifications:
- 3-6 years of hands-on experience in Security Operations, SIEM Engineering, or Detection Content Development.
- Proficiency with CrowdStrike Falcon and CrowdStrike LogScale (including schema design, pipeline configuration, and ingestion optimization).
- Strong skills in PowerShell, Python, or Terraform/Ansible for deployment automation.
- Experience integrating data sources and creating detection use cases across endpoint, identity, and cloud telemetry.
- Familiarity with Azure Lighthouse, Azure RBAC, and security policy automation.
- Understanding of Microsoft Defender Suite (Endpoint, Identity, Office 365) configuration.
- Excellent analytical, documentation, and communication skills.
- Experience with CrowdStrike Flight Control and multi-tenant MSSP architecture.
- Background in threat detection engineering, SOAR integration, or incident response automation.
- Familiarity with Power BI / Dataverse / PowerApps for operational dashboards.
- CrowdStrike certifications (CCFA, CCFR) or equivalent industry credentials (CISSP, GCTI, GCDA).
Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:
- Healthcare Coverage: Comprehensive medical, dental, and vision plans.
- Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
- Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
- Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
- Retirement Plans: 401(k) plans with company matching.
Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.
About Kroll
Kroll is the global leader in risk and financial advisory. Our Cyber Data & Resilience team helps clients anticipate, detect, and respond to threats while building lasting operational resilience. We combine decades of incident-response expertise with modern, AI-driven security platforms like CrowdStrike and Microsoft Defender to deliver measurable outcomes: faster detections, reduced risk, and smarter automation.
In order to be considered for a position, you must formally apply via careers.kroll.com
We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.
The current salary range for this position is $100,000 to $175,000.