Windows Endpoint Engineer
Stairwell$160,000 - $180,000/year
Full Time
Senior (5 to 8 years)
Not SpecifiedCompensation
N/AExperience Level
N/AJob Type
Not SpecifiedVisa
N/AIndustries
Requirements
- 8+ years of experience designing, building, and operating large-scale enterprise Windows platforms (server and endpoint)
- Experience owning Active Directory (AD), DNS/DHCP, and NPS at large scale (10k+ endpoints or equivalent)
- Strong expertise in Windows Server, including server and endpoint management
- Experience with Active Directory, DNS/DHCP, and NPS configuration, management, and troubleshooting
- Familiarity with Windows Server 2019, 2022, and 2030
- Experience with SCCM, MECM, and task sequences
- Knowledge of endpoint security baselines, BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, and certificate deployment for EAP-TLS/MTLS
- Experience with endpoint lifecycle management, including imaging, OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance
- Strong understanding of endpoint security, including BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, and certificate deployment for EAP-TLS/MTLS
- Experience with leading SCCM/MECM architecture and operations, including task sequences, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting, and role-based access
- Knowledge of release rings, maintenance windows, and measurable patch compliance SLOs across large fleets
- Experience with deep diagnostics, including Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture
- Strong understanding of automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance
- Experience with building self-service patterns and APIs (golden images, desired-state baselines, just-in-time access)
- Knowledge of enterprise PKI, including policy-driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale
- Experience with integrating with ADCS, AWS ACM/AKM, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert-manager/ACME; enable EAP-TLS, service mTLS, code-signing, and device certs
- Familiarity with virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring
- Experience with hands-on Windows server operations (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos)
- Strong understanding of virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring
- Experience with reproducible images and baseline configs for domain-joined and cloud-native instances
Responsibilities
- Architect, operate, and harden Active Directory (multi-forest, multi-site) for Wi-Fi/VPN/802.1X (EAP-TLS)
- Lead GPO strategy, OU design, admin tiering, delegation, and AD replication/site topology
- Own endpoint lifecycle at scale: imaging/OSD, driver/firmware management, software packaging/distribution, update rings, device health/telemetry, and fleet compliance
- Engineer endpoint security baselines: BitLocker, LAPS, WDAC/AppLocker, Defender/EDR integrations, and certificate deployment for EAP-TLS/MTLS
- Lead SCCM/MECM architecture and operations: task sequences, app packaging, SUP/WSUS patching, compliance baselines, collections, reporting, and role-based access
- Drive release rings, maintenance windows, and measurable patch compliance SLOs across large fleets
- Triage and resolve complex endpoint/server issues: logon slowness, BSODs/hangs, app crashes, update/install failures, 802.1X/RADIUS auth problems, and TLS/certificate breakage
- Use deep diagnostics: Sysinternals (ProcMon/ProcExp/Autoruns), Windows Performance Toolkit (WPR/WPA), WinDbg/WER, ETW/WEF, PerfMon, Wireshark, and netsh/packet capture to find root causes and prevent recurrences
- Deliver automation (PowerShell, PowerShell DSC, Terraform, Packer) for provisioning, configuration, drift control, and compliance—with CI/CD (GitHub Actions/GitLab/Jenkins)
- Build self-service patterns and APIs (golden images, desired-state baselines, just-in-time access)
- Design and operate enterprise PKI: policy-driven issuance/renewal, inventory/attestation, CRL/OCSP, and revocation at scale
- Integrate with ADCS, AWS ACM/AKM, GCP Certificate Authority Service, Venafi, HashiCorp Vault PKI, cert-manager/ACME; enable EAP-TLS, service mTLS, code-signing, and device certs
- Standardize and harden Windows workloads in AWS (EC2/SSM/KMS/IAM/ACM/Directory Service/Route 53) and GCP (Managed Microsoft AD, GCE, Cloud DNS/KMS/CAS)
- Build reproducible images and baseline configs for domain-joined and cloud-native instances
- Hands-on Windows server ops (storage/SMB, DFS, file/print), performance tuning, and core network triage (DHCP/DNS/Kerberos)
- Experience with virtualization (VMware vSphere/Hyper-V), backup/restore workflows, and operational monitoring
Skills
Crowdstrike
Cloud-native endpoint security solutions provider
About Crowdstrike
CrowdStrike specializes in cybersecurity, focusing on protecting businesses from cyber threats through cloud-native endpoint security solutions. Their main product, the Falcon platform, includes services like Falcon Pro, which replaces traditional antivirus with next-generation antivirus that integrates threat intelligence, Falcon Insight for endpoint detection and response, and Falcon Device Control to manage connected devices. Unlike many competitors, CrowdStrike's services are subscription-based, allowing clients to choose different levels of protection based on their needs. The company serves a diverse clientele, including many Fortune 100 companies, and is recognized as a leader in the cybersecurity field, known for its effectiveness in threat detection and response.
Austin, TexasHeadquarters
2011Year Founded
$468MTotal Funding
IPOCompany Stage
Enterprise Software, CybersecurityIndustries
5,001-10,000Employees
Benefits
Competitive Employee Stock Purchase Plan
Remote-friendly culture
Market leader in compensation and equity awards
Competitive vacation and flexible working arrangements
Comprehensive health benefits + 401k plan
Paid Parental Leave, including adoption
Wellness programs
Professional development and mentorship opportunities
Open offices have stocked kitchens, coffee, soda and treats
Risks
Increased competition from companies like Lumos could challenge CrowdStrike's market share.
Recovery from last year's outage may still affect customer trust and future sales.
Pressure to demonstrate ROI by 2025 could challenge CrowdStrike's financial transparency.
Differentiation
CrowdStrike's Falcon platform offers cloud-native endpoint security solutions, a key differentiator.
The company serves 44 of the Fortune 100, showcasing its strong market presence.
CrowdStrike's proactive threat hunting sets it apart in cybersecurity threat detection.
Upsides
Partnership with SonicWall opens new SMB market segment for CrowdStrike.
Recognition as a leader in ransomware prevention boosts CrowdStrike's market credibility.
Gamified learning initiatives help address cybersecurity skills gap, benefiting future talent pipeline.
Related Jobs
RemoteRemoteSolution Architect - Modern Work (Mergers and Migrations)
RPS North AmericaSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteIT Engineer
ChainguardSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior IT Engineer
Grow TherapySalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSystem Administrator
AtticusSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSystems Support Engineer (Mid Shift & Weekend Shift)
Keeper SecuritySalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)