Principal Engineer, Cloud Content (Hybrid)

As a global leader in cybersecurity CrowdStrike protects the people processes and technologies that drive modern organizations. Since 2011 our mission hasnt changed were here to stop breaches and weve redefined modern security with the worlds most advanced AI-native platform. We work on large scale distributed systems processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries and they count on CrowdStrike to keep their businesses running their communities safe and their lives moving forward. Were also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. Were always looking to add talented CrowdStrikers to the team who have limitless passion a relentless focus on innovation and a fanatical commitment to our customers our community and each other. Ready to join a mission that matters The future of cybersecurity starts with you.

About the Role:

CrowdStrike is seeking a Principal Engineer that will operate as the senior technical authority for cloud threat detection. This role owns the design of cloud-native detection logic advanced telemetry pipelines cloud attack-surface visibility and real-time threat-detection capabilities across public clouds. The Principal engineer role drives deep technical initiatives: building detection-as-code frameworks researching emerging cloud-native threats designing scalable detection architectures and leading complex cloud-focused investigations.

This role sets the technical bar for cloud detection engineering influences platform and cloud-architecture decisions and ensures the entire detection stack is aligned to adversary tradecraft in modern cloud environments. This is expected to define technical direction solve problems no one else can and create durable mechanisms that raise detection quality and velocity across the cloud ecosystem.

This role is hybrid requiring 2-3 days per week on-site at one of the posted locations.

What Youll Do:

• Architect build and optimize cloud detection pipelines: telemetry ingestion log processing alerting detection-as-code workflows and automated analysis frameworks.

• Develop advanced detections for cloud-native threats: IAM misconfigurations lateral movement across cloud services runtime/container attacks serverless abuse data-exfiltration patterns persistence mechanisms and cloud control-plane manipulation.

• Lead cloud threat research: track emergent attacker tradecraft cloud-native TTPs abuse of managed services supply-chain risks ephemeral compute patterns and multi-cloud attack surfaces.

• Conduct advanced investigations involving cloud logs control-plane events network telemetry and container/runtime signals.

• Collaborate deeply with cloud engineering platform teams and DevOps to embed telemetry early in design instrumentation log generation audit events and detection hooks across cloud services.

• Recommend and drive enhancements to cloud observability and detection coverage backed by analysis of gaps adversary opportunities and telemetry blind spots.

• Influence architectural decisions and strategic initiatives through data technical depth and adversary-focused perspectives.

• Mentor other detection engineers by setting standards for detection logic code quality cloud telemetry hygiene and investigation methodology.

What Youll Need:

• 8 to 15 years of experience in cloud threat detection cloud security engineering incident response threat hunting or equivalent.

• Strong expertise with AWS and at least one of Azure or GCP; deep knowledge of cloud control-plane events service logs runtime/container ecosystems and network architectures.

• Proven ability to design and deliver high-fidelity cloud detections in large-scale environments with understanding of FP/FN trade-offs and detection-as-code methodologies.

• Strong engineering ability: Python Go or equivalent languages; familiarity with CI/CD infrastructure-as-code and cloud automation.

• Demonstrated ability to lead complex cloud investigations and turn findings into durable detection logic.

• Strong understanding of cloud threat models: identity-based attacks misconfiguration abuse boundary-less lateral movement data-exfiltration paths and cloud service exploitation.

• Ability to influence platform teams propose architectural improvements and advocate for telemetry and detection requirements with clear rationale and evidence.

Bonus Points:

• Experience with multi-cloud detection architectures at scale.

• Experience building detection testing frameworks or automated validation pipelines.

• Deep familiarity with attacker tradecraft targeting cloud infrastructure.

• Strong communication skills; concise technical grounded in adversary behavior and detection outcomes.

#LI-DR1

#LI-Hybrid

#HTF

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs

• Competitive vacation and holidays for recharge

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks geographic neighborhood groups and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race color creed ethnicity religion sex (including pregnancy or pregnancy-related medical conditions) sexual orientation gender identity marital or family status veteran status age national origin ancestry physical disability (including HIV and AIDS) mental disability medical condition genetic information membership or activity in a local human rights commission status with regard to public assistance or any other characteristic protected by law. We base all employment decisions--including recruitment selection training compensation benefits discipline promotions transfers lay-offs return from lay-off terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation please contact us at for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

For detailed information about the U.S. benefits package please click here.