Jobs · Art & Creative

Senior Manager - CrowdStrike Identity Architect

Kroll · United States · 3 wk ago
RemoteRemoteArt & Creative$150k–$200k/yrFull-time

About the role

Kroll is seeking a Manager or Senior Manager to lead the CrowdStrike Falcon Identity Security consulting practice. This role combines cyber risk consultancy with the latest AI-native platform to deliver faster outcomes, stronger protection, and greater resilience for organizations worldwide.

Responsibilities

  • Assess lead identity security current-state assessments across hybrid environments, quantifying exposure from stale accounts, shadow admins, weak/duplicate credentials, unconstrained delegation, ADCS misconfiguration, overprovisioned non-human identities, and risky conditional access gaps.
  • Run Falcon Identity hygiene assessments to baseline client posture, prioritize findings by business risk, and produce executive-ready remediation roadmaps tied to Zero Trust and NIST/CIS reference frameworks.
  • Evaluate existing IAM, PAM, and MFA tooling against Falcon Next-Gen Identity Security capabilities to inform consolidation, replacement, or coexistence strategies.
  • Architect end-to-end architectures for Falcon Identity Protection deployments, including sensor placement, domain controller coverage, identity risk scoring, conditional access policy, and integration with Entra ID, Okta, and SaaS identity providers.
  • Design Falcon Privileged Access rollouts to eliminate standing privileges and enable just-in-time access across Entra ID, on-prem AD, and local systems, with intuitive role-based labels and Microsoft Teams / Falcon Fusion SOAR integration.
  • Design FalconID phishing-resistant MFA rollouts (FIDO2, Falcon for Mobile), including device enrollment strategy, proximity-based authentication, and risk-aware policy tied to telemetry from across the Falcon platform.
  • Define integration patterns for Falcon Identity telemetry into Falcon Next-Gen SIEM (LogScale) and identity-driven case management workflows.
  • Produce target-state reference architectures, sequencing plans, and migration runbooks tailored to client maturity, scale, and regulatory profile.
  • Personally configure and deploy Falcon Identity Protection, Falcon Privileged Access, and FalconID in client environments, including sensor rollout, policy tuning, conditional access enforcement, MFA enrollment, and JIT/PAM workflow buildout.
  • Operationalize identity-driven case management inside Falcon Next-Gen SIEM, including cross-domain enrichment from endpoint, cloud, and SaaS telemetry.
  • Stand up automation through Falcon Fusion SOAR for identity response actions (auto-MFA, JIT revocation, session termination, password reset, account containment).
  • Support cutover from legacy IAM/PAM/MFA tooling with rollback plans, parallel-run validation, and end-user adoption playbooks.
  • Advise as a trusted advisor to CISOs, Identity Architects, IAM leaders, and Boards on identity strategy, Zero Trust roadmap, and the transition to AI-era identity security (human, non-human, and AI agent identities).
  • Translate technical identity posture into business risk language and prioritize investment recommendations.
  • Partner with CrowdStrike account teams on identity-focused pre-sales scoping, solution design, proposal development, and joint go-to-market motions.
  • Customize and build custom CQL content, identity-focused detections, and Fusion SOAR playbooks reusable across Kroll engagements.
  • Build custom Charlotte AI prompts and agentic workflows for identity use cases (risk triage, access reviews, executive risk reporting).
  • Integrate Falcon Identity with HRIS / ITSM / governance platforms to automate joiner/mover/leaver, access certification, and access request workflows.
  • Develop assessment templates, deployment runbooks, design patterns, and delivery enablement that scale the practice and accelerate every subsequent engagement.
  • Mentor consultants and senior consultants delivering identity work.
  • Contribute to Kroll’s published thought leadership on identity security, AI agent governance, and hybrid identity modernization.

Requirements

  • 5+ years (Manager) or 7+ years (Senior Manager) of hands-on experience across identity security, IAM, PAM, or MFA — with meaningful operational ownership of Active Directory, Entra ID, Okta, or equivalent identity platforms in enterprise environments.
  • Hands-on experience with the CrowdStrike Falcon platform, including Falcon Identity Protection.
  • Working knowledge of Falcon Insight (EDR) and Falcon Next-Gen SIEM / LogScale is required.
  • Demonstrated experience assessing, architecting, and implementing identity solutions in hybrid environments — not just operating them.
  • Strong working knowledge of identity protocols and standards: SAML, OIDC, OAuth 2.0, SCIM, FIDO2/WebAuthn, Kerberos, LDAP.
  • Experience designing or deploying modern PAM (CyberArk, BeyondTrust, Delinea, Falcon Privileged Access, or equivalent) and MFA solutions (FIDO2, Duo, Okta Verify, Microsoft Authenticator, YubiKey).
  • Working understanding of the identity attack surface Falcon Identity defends against (Kerberoasting, AS-REP roasting, DCSync, NTLM relay, ADCS abuse, OAuth/token abuse, AiTM phishing, MFA fatigue) so architecture and detection decisions are grounded in attacker reality.
  • Hands-on scripting and query proficiency: PowerShell, Python, CQL (CrowdStrike Query Language); KQL a plus.
  • Prior consulting delivery experience — scoping, leading, and personally executing engagements for external clients.
  • Demonstrated ability to brief CISOs, Identity Architects, and executive stakeholders in business terms.
  • Bachelor’s degree in a relevant field or equivalent professional experience.

Preferred Qualifications

  • CrowdStrike Certified Identity Specialist (CCIS) certification — strongly preferred.
  • Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCCS.
  • Identity-focused industry certifications: Microsoft SC-300, Okta Certified Professional/Administrator/Consultant, SailPoint IdentityIQ/IdentityNow, CyberArk CDE/Sentry/Guardian, CISSP.
  • Experience with Charlotte AI agentic workflows and Falcon Fusion SOAR automation for identity use cases.
  • Experience designing non-human and AI agent identity governance — service account hardening, secret-less authentication, AI agent privilege scoping, shadow AI discovery.
  • Experience deploying or migrating to identity-driven case management in Falcon Next-Gen SIEM with cross-domain correlation across identity, endpoint, cloud, and SaaS.
  • Prior tier-1 consulting experience (Big 4, CrowdStrike Services, Mandiant, Unit 42, or equivalent).
  • Speaking or writing on identity security (Fal.Con, Gartner IAM Summit, Identiverse, RSA, FS-ISAC).
  • Experience supporting M&A identity due diligence or post-acquisition tenant consolidation.

Similar jobs

Senior AI Manager

Honeywell AerospacePhoenix, AZ· 1 wk ago
Managementapply on icfcjb.fa.ocs.oraclecloud.com