Senior XDR/SIEM Engineer - REMOTE

Job Title: Senior XDR/SIEM Engineer CrowdStrike Platform Specialist

Location: 100% Remote

Summary:

We are seeking a highly skilled Senior XDR/SIEM Engineer with deep expertise in the CrowdStrike Falcon platform, XDR integrations, and SIEM correlation engineering. The ideal candidate will have a strong background in security operations, threat detection, log correlation, and SOC use case development, and will play a critical role in architecting and advancing our detection, response, and visibility capabilities.

Key Responsibilities:

CrowdStrike XDR & SIEM Integration:

• Architect, implement, and manage integrations between CrowdStrike Falcon XDR and enterprise SIEM platforms (e.g., Splunk, Sentinel, QRadar, Exabeam).
• Customize and tune Falcon data ingestion and enrichment within SIEM tools to maximize visibility and performance.
• Enable bi-directional use of Falcon telemetry and enrichments to power detection workflows and incident response.

Security Use Case Engineering:

• Design and implement advanced security use cases and detection logic tailored to evolving threat landscapes.
• Build behavioral, anomaly-based, and threat intel-driven correlation rules within SIEM based on Falcon telemetry.
• Continuously improve use cases through purple teaming, threat hunts, and MITRE ATT&CK-based assessments.

Detection Engineering & Threat Content Development:

• Develop custom detections using Falcon s APIs, custom IOAs, and Falcon Fusion workflows.
• Build and maintain custom dashboards, alerts, queries, and reports for SOC use.
• Leverage CrowdStrike s Threat Graph, Intelligence, and Identity Protection modules to develop contextual detections.

SOC & Incident Response Enablement:

• Partner with the SOC to streamline alert triage, response, and escalation processes.
• Develop playbooks and enrichment pipelines (via SOAR or Falcon Fusion) for automated investigation and response.
• Provide subject matter expertise to help SOC analysts interpret complex detection scenarios.

Data Governance & Telemetry Optimization:

• Ensure log sources feeding into Falcon and SIEM are optimized for cost, performance, and security coverage.
• Work with internal teams (cloud, endpoint, network) to onboard and normalize new telemetry feeds.
• Manage log filtering, field mapping, and transformation pipelines to ensure SIEM efficiency.

Metrics, Reporting & Compliance:

• Support audit and compliance efforts by ensuring appropriate visibility, detections, and log retention policies.
• Produce regular reports on detection efficacy, false positives, and alert volumes.
• Participate in red/blue team exercises and ensure gaps are closed in detection logic.

Must-Have Skills:

• 5+ years of experience in SIEM engineering and security analytics.
• 3+ years hands-on experience with CrowdStrike Falcon, including XDR integrations, API usage, and detection tuning.
• Strong experience in security correlation rule development using tools like Splunk SPL, Kusto (Sentinel), or QRadar AQL.
• Deep knowledge of MITRE ATT&CK, threat detection frameworks, and advanced persistent threat behavior.
• Experience with SOAR platforms (e.g., XSOAR, Splunk SOAR, CrowdStrike Fusion workflows).

Preferred/Bonus Skills:

• CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), or similar.
• Experience with EDR/XDR telemetry from other platforms (SentinelOne, Microsoft Defender, etc.) for cross-tech context.
• Familiarity with data lakes (e.g., Snowflake, Chronicle), UEBA, and Identity Threat Detection.
• Python or scripting experience for automation and custom enrichment logic.
• Experience in multi-cloud security monitoring (AWS, Azure, Google Cloud Platform).