Senior Manager - CrowdStrike Identity Architect
Kroll · United States · 3 wk ago
RemoteRemoteArt & Creative$150k–$200k/yrFull-time
About the role
Kroll is seeking a Manager or Senior Manager to lead the CrowdStrike Falcon Identity Security consulting practice. This role combines cyber risk consultancy with the latest AI-native platform to deliver faster outcomes, stronger protection, and greater resilience for organizations worldwide.
Responsibilities
- Assess lead identity security current-state assessments across hybrid environments, quantifying exposure from stale accounts, shadow admins, weak/duplicate credentials, unconstrained delegation, ADCS misconfiguration, overprovisioned non-human identities, and risky conditional access gaps.
- Run Falcon Identity hygiene assessments to baseline client posture, prioritize findings by business risk, and produce executive-ready remediation roadmaps tied to Zero Trust and NIST/CIS reference frameworks.
- Evaluate existing IAM, PAM, and MFA tooling against Falcon Next-Gen Identity Security capabilities to inform consolidation, replacement, or coexistence strategies.
- Architect end-to-end architectures for Falcon Identity Protection deployments, including sensor placement, domain controller coverage, identity risk scoring, conditional access policy, and integration with Entra ID, Okta, and SaaS identity providers.
- Design Falcon Privileged Access rollouts to eliminate standing privileges and enable just-in-time access across Entra ID, on-prem AD, and local systems, with intuitive role-based labels and Microsoft Teams / Falcon Fusion SOAR integration.
- Design FalconID phishing-resistant MFA rollouts (FIDO2, Falcon for Mobile), including device enrollment strategy, proximity-based authentication, and risk-aware policy tied to telemetry from across the Falcon platform.
- Define integration patterns for Falcon Identity telemetry into Falcon Next-Gen SIEM (LogScale) and identity-driven case management workflows.
- Produce target-state reference architectures, sequencing plans, and migration runbooks tailored to client maturity, scale, and regulatory profile.
- Personally configure and deploy Falcon Identity Protection, Falcon Privileged Access, and FalconID in client environments, including sensor rollout, policy tuning, conditional access enforcement, MFA enrollment, and JIT/PAM workflow buildout.
- Operationalize identity-driven case management inside Falcon Next-Gen SIEM, including cross-domain enrichment from endpoint, cloud, and SaaS telemetry.
- Stand up automation through Falcon Fusion SOAR for identity response actions (auto-MFA, JIT revocation, session termination, password reset, account containment).
- Support cutover from legacy IAM/PAM/MFA tooling with rollback plans, parallel-run validation, and end-user adoption playbooks.
- Advise as a trusted advisor to CISOs, Identity Architects, IAM leaders, and Boards on identity strategy, Zero Trust roadmap, and the transition to AI-era identity security (human, non-human, and AI agent identities).
- Translate technical identity posture into business risk language and prioritize investment recommendations.
- Partner with CrowdStrike account teams on identity-focused pre-sales scoping, solution design, proposal development, and joint go-to-market motions.
- Customize and build custom CQL content, identity-focused detections, and Fusion SOAR playbooks reusable across Kroll engagements.
- Build custom Charlotte AI prompts and agentic workflows for identity use cases (risk triage, access reviews, executive risk reporting).
- Integrate Falcon Identity with HRIS / ITSM / governance platforms to automate joiner/mover/leaver, access certification, and access request workflows.
- Develop assessment templates, deployment runbooks, design patterns, and delivery enablement that scale the practice and accelerate every subsequent engagement.
- Mentor consultants and senior consultants delivering identity work.
- Contribute to Kroll’s published thought leadership on identity security, AI agent governance, and hybrid identity modernization.
Requirements
- 5+ years (Manager) or 7+ years (Senior Manager) of hands-on experience across identity security, IAM, PAM, or MFA — with meaningful operational ownership of Active Directory, Entra ID, Okta, or equivalent identity platforms in enterprise environments.
- Hands-on experience with the CrowdStrike Falcon platform, including Falcon Identity Protection.
- Working knowledge of Falcon Insight (EDR) and Falcon Next-Gen SIEM / LogScale is required.
- Demonstrated experience assessing, architecting, and implementing identity solutions in hybrid environments — not just operating them.
- Strong working knowledge of identity protocols and standards: SAML, OIDC, OAuth 2.0, SCIM, FIDO2/WebAuthn, Kerberos, LDAP.
- Experience designing or deploying modern PAM (CyberArk, BeyondTrust, Delinea, Falcon Privileged Access, or equivalent) and MFA solutions (FIDO2, Duo, Okta Verify, Microsoft Authenticator, YubiKey).
- Working understanding of the identity attack surface Falcon Identity defends against (Kerberoasting, AS-REP roasting, DCSync, NTLM relay, ADCS abuse, OAuth/token abuse, AiTM phishing, MFA fatigue) so architecture and detection decisions are grounded in attacker reality.
- Hands-on scripting and query proficiency: PowerShell, Python, CQL (CrowdStrike Query Language); KQL a plus.
- Prior consulting delivery experience — scoping, leading, and personally executing engagements for external clients.
- Demonstrated ability to brief CISOs, Identity Architects, and executive stakeholders in business terms.
- Bachelor’s degree in a relevant field or equivalent professional experience.
Preferred Qualifications
- CrowdStrike Certified Identity Specialist (CCIS) certification — strongly preferred.
- Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCCS.
- Identity-focused industry certifications: Microsoft SC-300, Okta Certified Professional/Administrator/Consultant, SailPoint IdentityIQ/IdentityNow, CyberArk CDE/Sentry/Guardian, CISSP.
- Experience with Charlotte AI agentic workflows and Falcon Fusion SOAR automation for identity use cases.
- Experience designing non-human and AI agent identity governance — service account hardening, secret-less authentication, AI agent privilege scoping, shadow AI discovery.
- Experience deploying or migrating to identity-driven case management in Falcon Next-Gen SIEM with cross-domain correlation across identity, endpoint, cloud, and SaaS.
- Prior tier-1 consulting experience (Big 4, CrowdStrike Services, Mandiant, Unit 42, or equivalent).
- Speaking or writing on identity security (Fal.Con, Gartner IAM Summit, Identiverse, RSA, FS-ISAC).
- Experience supporting M&A identity due diligence or post-acquisition tenant consolidation.