CrowdStrike Administrator

Positions

Find Your Next Career Adventure at Executive Operations

Employment: Full-time

Setup: WFH

Executive Operations is seeking an experienced CrowdStrike Administrator to manage, optimize, and support the organization’s endpoint detection and response (EDR) environment. The ideal candidate will be responsible for the deployment, configuration, monitoring, and maintenance of CrowdStrike Falcon solutions to ensure continuous protection across endpoints and servers.

Key Responsibilities

  • Administer and maintain the CrowdStrike Falcon EDR platform, ensuring all endpoints are correctly onboarded, updated, and protected.

  • Monitor dashboards and alerts for suspicious activities, correlate findings with SIEM (e.g., Microsoft Sentinel, Splunk), and escalate potential incidents.

  • Develop, implement, and fine-tune custom detection rules (IOCs/IOAs) to improve threat visibility and detection coverage.

  • Collaborate with SOC analysts to perform incident triage, forensic analysis, and remediation based on Falcon detections.

  • Integrate CrowdStrike with security tools and automation workflows, including SIEM, SOAR, and vulnerability management platforms.

  • Perform policy configuration and tuning (prevention policies, sensor groups, exclusions) to reduce false positives and improve efficiency.

  • Conduct threat hunting activities using Falcon Insight and Falcon Discover to proactively identify anomalies.

  • Generate and maintain detailed reports on endpoint health, incident response, and platform performance.

  • Ensure compliance with security frameworks such as NIST, ISO 27001, and SOC 2.

  • Coordinate sensor deployment across hybrid environments (Windows, macOS, Linux, and cloud workloads).

  • Provide support during security audits, incident response exercises, and tabletop simulations.

  • Stay current with CrowdStrike product updates, threat intelligence trends, and best practices in endpoint security.

Requirements

Essential Qualifications:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent experience.

  • 3–5 years of experience in endpoint security, SOC operations, or EDR platform administration.

  • Hands-on experience managing CrowdStrike Falcon (sensor deployment, policy management, threat investigation).

  • Strong understanding of incident response, malware analysis, and endpoint protection principles.

  • Familiarity with Windows and Linux OS internals, registry, and process-level analysis.

  • Experience with PowerShell, Python, or API integrations for automation.

  • Strong analytical, troubleshooting, and documentation skills.

  • Ability to collaborate with IT and Security teams in a remote and fast-paced environment.


Preferred Qualifications:

  • CrowdStrike Certified Falcon Administrator (CCFA) or equivalent certification.

  • Experience integrating EDR with Microsoft Sentinel, Splunk, or SOAR tools.

  • Exposure to threat intelligence, hunting, or digital forensics.

  • Knowledge of Zero Trust frameworks, MITRE ATT&CK, and SIEM correlation logic.
