Job Details
Job Title: Senior XDR/SIEM Engineer CrowdStrike Platform Specialist
Location: 100% Remote
Summary:
We are seeking a highly skilled Senior XDR/SIEM Engineer with deep expertise in the CrowdStrike Falcon platform, XDR integrations, and SIEM correlation engineering. The ideal candidate will have a strong background in security operations, threat detection, log correlation, and SOC use case development, and will play a critical role in architecting and advancing our detection, response, and visibility capabilities.
Key Responsibilities:
CrowdStrike XDR & SIEM Integration:
- Architect, implement, and manage integrations between CrowdStrike Falcon XDR and enterprise SIEM platforms (e.g., Splunk, Sentinel, QRadar, Exabeam).
- Customize and tune Falcon data ingestion and enrichment within SIEM tools to maximize visibility and performance.
- Enable bi-directional use of Falcon telemetry and enrichments to power detection workflows and incident response.
Security Use Case Engineering:
- Design and implement advanced security use cases and detection logic tailored to evolving threat landscapes.
- Build behavioral, anomaly-based, and threat intel-driven correlation rules within SIEM based on Falcon telemetry.
- Continuously improve use cases through purple teaming, threat hunts, and MITRE ATT&CK-based assessments.
Detection Engineering & Threat Content Development:
- Develop custom detections using Falcon's APIs, custom IOAs, and Falcon Fusion workflows.
- Build and maintain custom dashboards, alerts, queries, and reports for SOC use.
- Leverage CrowdStrike's Threat Graph, Intelligence, and Identity Protection modules to develop contextual detections.
SOC & Incident Response Enablement:
- Partner with the SOC to streamline alert triage, response, and escalation processes.
- Develop playbooks and enrichment pipelines (via SOAR or Falcon Fusion) for automated investigation and response.
- Provide subject matter expertise to help SOC analysts interpret complex detection scenarios.
Data Governance & Telemetry Optimization:
- Ensure log sources feeding into Falcon and SIEM are optimized for cost, performance, and security coverage.
- Work with internal teams (cloud, endpoint, network) to onboard and normalize new telemetry feeds.
- Manage log filtering, field mapping, and transformation pipelines to ensure SIEM efficiency.
Metrics, Reporting & Compliance:
- Support audit and compliance efforts by ensuring appropriate visibility, detections, and log retention policies.
- Produce regular reports on detection efficacy, false positives, and alert volumes.
- Participate in red/blue team exercises and ensure gaps are closed in detection logic.
Must-Have Skills:
- 5+ years of experience in SIEM engineering and security analytics.
- 3+ years of hands-on experience with CrowdStrike Falcon, including XDR integrations, API usage, and detection tuning.
- Strong experience in security correlation rule development using tools like Splunk SPL, Kusto (Sentinel), or QRadar AQL.
- Deep knowledge of MITRE ATT&CK, threat detection frameworks, and advanced persistent threat behavior.
- Experience with SOAR platforms (e.g., XSOAR, Splunk SOAR, CrowdStrike Fusion workflows).
Preferred/Bonus Skills:
- CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), or similar.
- Experience with EDR/XDR telemetry from other platforms (SentinelOne, Microsoft Defender, etc.) for cross-tech context.
- Familiarity with data lakes (e.g., Snowflake, Chronicle), UEBA, and Identity Threat Detection.
- Python or scripting experience for automation and custom enrichment logic.
- Experience in multi-cloud security monitoring (AWS, Azure, Google Cloud Platform).