As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
CrowdStrike is seeking a Principal Engineer that will operate as the senior technical authority for cloud threat detection. This role owns the design of cloud-native detection logic, advanced telemetry pipelines, cloud attack-surface visibility, and real-time threat-detection capabilities across public clouds. The Principal engineer role drives deep technical initiatives: building detection-as-code frameworks, researching emerging cloud-native threats, designing scalable detection architectures, and leading complex cloud-focused investigations.
This role sets the technical bar for cloud detection engineering, influences platform and cloud-architecture decisions, and ensures the entire detection stack is aligned to adversary tradecraft in modern cloud environments. This is expected to define technical direction, solve problems no one else can, and create durable mechanisms that raise detection quality and velocity across the cloud ecosystem.
This role is hybrid, requiring 2-3 days per week on-site at one of the posted locations.
What You'll Do:
- Architect, build, and optimize cloud detection pipelines: telemetry ingestion, log processing, alerting, detection-as-code workflows, and automated analysis frameworks.
- Develop advanced detections for cloud-native threats: IAM misconfigurations, lateral movement across cloud services, runtime/container attacks, serverless abuse, data-exfiltration patterns, persistence mechanisms, and cloud control-plane manipulation.
- Lead cloud threat research: track emergent attacker tradecraft, cloud-native TTPs, abuse of managed services, supply-chain risks, ephemeral compute patterns, and multi-cloud attack surfaces.
- Conduct advanced investigations involving cloud logs, control-plane events, network telemetry, and container/runtime signals.
- Collaborate deeply with cloud engineering, platform teams, and DevOps to embed telemetry early in design — instrumentation, log generation, audit events, and detection hooks across cloud services.
- Recommend and drive enhancements to cloud observability and detection coverage, backed by analysis of gaps, adversary opportunities, and telemetry blind spots.
- Influence architectural decisions and strategic initiatives through data, technical depth, and adversary-focused perspectives.
- Mentor other detection engineers by setting standards for detection logic, code quality, cloud telemetry hygiene, and investigation methodology.
What You'll Need:
- 8 to 15+ years of experience in cloud threat detection, cloud security engineering, incident response, threat hunting, or equivalent.
- Strong expertise with AWS and at least one of Azure or GCP; deep knowledge of cloud control-plane events, service logs, runtime/container ecosystems, and network architectures.
- Proven ability to design and deliver high-fidelity cloud detections in large-scale environments, with understanding of FP/FN trade-offs and detection-as-code methodologies.
- Strong engineering ability: Python, Go, or equivalent languages; familiarity with CI/CD, infrastructure-as-code, and cloud automation.
- Demonstrated ability to lead complex cloud investigations and turn findings into durable detection logic.
- Strong understanding of cloud threat models: identity-based attacks, misconfiguration abuse, boundary-less lateral movement, data-exfiltration paths, and cloud service exploitation.
- Ability to influence platform teams, propose architectural improvements, and advocate for telemetry and detection requirements with clear rationale and evidence.
Bonus Points:
- Experience with multi-cloud detection architectures at scale.
- Experience building detection testing frameworks or automated validation pipelines.
- Deep familiarity with attacker tradecraft targeting cloud infrastructure.
- Strong communication skills; concise, technical, grounded in adversary behavior and detection outcomes.
#LI-DR1
#LI-Hybrid
**Benefits of Working at CrowdStrike: **
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.