What you'd actually do

Design, build, and maintain monitoring and synthetic test suites that provide deep visibility into the health of the entire NG-SIEM pipeline — from ingest through search and workflow execution — enabling rapid root cause analysis across component boundaries.

Engineer orchestrated scaling solutions that treat the NG-SIEM pipeline as a unified system, proportionally increasing resources across all dependent components (Kafka, ingest pipelines, downstream services) to eliminate cascading bottleneck patterns.

Serve as a subject matter expert during platform-wide incidents (P2 and above), applying cross-service knowledge to diagnose and resolve multi-component failures. Partake in follow-the-sun on-call rotations, providing incident commander coordination for critical platform-wide events.

Build and refine models for end-to-end capacity forecasting that account for all pipeline dimensions, including partner team dependencies (data services, GPS). Develop tooling to continuously track and surface cost drivers across the platform.

Transform manual standard operating procedures into automated remediation workflows — including pipeline-wide scaling responses, CID rebalancing, and infrastructure healing — with the goal of resolving issues before customers are impacted.

Skills

Required

software engineering
site reliability engineering
platform engineering
large-scale distributed systems
systems programming language (Go, Java, Rust, or C++)
scripting language (Python, Bash)
end-to-end observability
monitoring pipelines
SLIs/SLOs
dashboards
diagnose and resolve complex incidents
coordinated capacity planning
scaling
streaming platforms (Kafka or similar)
backpressure
partition management
consumer group dynamics
infrastructure-as-code
CI/CD pipelines
automated deployment practices
written and verbal communication skills

Nice to have

incident commander coordination

What the JD emphasized

own the reliability and scalability

security industry's largest SIEM platform

treating these as software engineering problems rather than purely operational ones

deep cross-service expertise and coordinated action

engineer who builds the observability, automation, and scaling systems that keep the entire platform performing

high-ownership technical leaders

mission: to stop breaches

10+ years of experience in software engineering, site reliability engineering, or platform engineering

significant time spent on large-scale distributed systems

ability to make pragmatic tradeoffs between short-term delivery needs and long-term platform goals

Deep experience with end-to-end observability

building monitoring pipelines, defining SLIs/SLOs, and creating dashboards that drive actionable insights across multi-service architectures

Demonstrated ability to diagnose and resolve complex incidents spanning multiple distributed components operating 24/7

Experience with coordinated capacity planning and scaling for systems with significant infrastructure footprints

Hands-on experience with streaming platforms (Kafka or similar) and understanding of backpressure, partition management, and consumer group dynamics at scale

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

Our mission is to make all of our customers' security-relevant data continuously available for automated detection and response, threat hunting, and other Falcon platform use cases. To enable this, the systems behind NG-SIEM (next-generation security information and event management) are growing to accommodate >100 PB of event and action data ingested every day, up to 10 years of retention, and dozens of millions of queries per hour across large sections of the data stored, for tens of thousands of customers.

As a Senior Engineer II on the newly established NG-SIEM EPICS (End-to-End Performance, Incident-response, Cost, and Scaling) team, you will own the reliability and scalability of the security industry's largest SIEM platform — treating these as software engineering problems rather than purely operational ones.

The NG-SIEM platform comprises many decoupled components interacting across complex pipelines. As we scale, ensuring end-to-end health across ingest, search, and workflow execution requires deep cross-service expertise and coordinated action. You will be the engineer who builds the observability, automation, and scaling systems that keep the entire platform performing — not just individual components. You will join a distributed team of high-ownership technical leaders who share a strong passion for our mission: to stop breaches.

This is a hybrid role based in one of our offices in London (United Kingdom), Aarhus (Denmark) or Dublin (Ireland) 2-3x a week.

What You'll Do:

End-to-end observability: Design, build, and maintain monitoring and synthetic test suites that provide deep visibility into the health of the entire NG-SIEM pipeline — from ingest through search and workflow execution — enabling rapid root cause analysis across component boundaries.
Coordinated scaling: Engineer orchestrated scaling solutions that treat the NG-SIEM pipeline as a unified system, proportionally increasing resources across all dependent components (Kafka, ingest pipelines, downstream services) to eliminate cascading bottleneck patterns.
Incident response engineering: Serve as a subject matter expert during platform-wide incidents (P2 and above), applying cross-service knowledge to diagnose and resolve multi-component failures. Partake in follow-the-sun on-call rotations, providing incident commander coordination for critical platform-wide events.
Capacity planning and cost management: Build and refine models for end-to-end capacity forecasting that account for all pipeline dimensions, including partner team dependencies (data services, GPS). Develop tooling to continuously track and surface cost drivers across the platform.
Automation and runbooks: Transform manual standard operating procedures into automated remediation workflows — including pipeline-wide scaling responses, CID rebalancing, and infrastructure healing — with the goal of resolving issues before customers are impacted.
Cross-team collaboration: Partner with cell-level teams, product engineering, GDI/3PI, and external stakeholders (e.g., CSM) to triage SLO breaches, drive problem management for large reliability efforts, and ensure consistent communication during incidents.
Platform improvements: Use your broad NG-SIEM knowledge to identify and drive systemic improvements across teams, contributing to the platform's long-term resilience and efficiency.

What You'll Need:

A passion for reliability engineering and curiosity about how large-scale running systems behave under pressure;
10+ years of experience in software engineering, site reliability engineering, or platform engineering, with significant time spent on large-scale distributed systems, and the ability to make pragmatic tradeoffs between short-term delivery needs and long-term platform goals;
Strong proficiency in at least one systems programming language (Go, Java, Rust, or C++) and one scripting language (Python, Bash);
Deep experience with end-to-end observability — building monitoring pipelines, defining SLIs/SLOs, and creating dashboards that drive actionable insights across multi-service architectures;
Demonstrated ability to diagnose and resolve complex incidents spanning multiple distributed components operating 24/7;
Experience with coordinated capacity planning and scaling for systems with significant infrastructure footprints;
Hands-on experience with streaming platforms (Kafka or similar) and understanding of backpressure, partition management, and consumer group dynamics at scale;
Familiarity with infrastructure-as-code, CI/CD pipelines, and automated deployment practices;
A can-do attitude — you thrive collaborating in a team and are not afraid of taking on responsibilities;
Strong written and verbal communication skills — you will lead incident communications and produce post-incident analyses that drive lasting improvements;
Comfort working across time zones with globally distributed teams.

Bonus Points:

Experience in a similar reliability or platform engineering role at a hyperscaler (AWS, Azure, GCP) or large-scale SaaS provider;
Track record of building automated remediation and self-healing infrastructure;
Experience with cost modeling and unit economics for large compute and storage footprints;
Familiarity with cloud-native architectures and serverless computing paradigms;
Hands-on experience operating platforms processing over 1 trillion events per day or more than 10 PB of data per day;
Exposure to or experience with Log Management, cybersecurity products, or security operations workflows;
Experience with disaster recovery planning and execution for multi-region systems.

#LI-SW1

#LI-MW1

**Benefits of Working at CrowdStrike: **

Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.