Home › Companies › Hcxs Fa Us2 Oraclecloud Com CX 1 › Senior Manager - CrowdStrike AIDR Engineer
Senior Manager - CrowdStrike AIDR Engineer
Hcxs Fa Us2 Oraclecloud Com CX 1 · United States · Remote · Active · $150,000–$200,000 / year · Oracle Recruiting Cloud / Fusion HCM
Job facts
| Field | Value |
|---|---|
| Company | Hcxs Fa Us2 Oraclecloud Com CX 1 |
| Title | Senior Manager - CrowdStrike AIDR Engineer |
| Normalized title | - |
| Department / team | Cyber Security |
| Location | United States |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | $150,000–$200,000 / year |
| Status | active |
| ATS provider | Oracle Recruiting Cloud / Fusion HCM |
| Posted / first seen | 2026-05-29 / 2026-05-31 |
| Changed / last seen | 2026-06-06 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Hcxs Fa Us2 Oraclecloud Com CX 1. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Oracle Recruiting Cloud / Fusion HCM. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Cyber Security. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Hcxs Fa Us2 Oraclecloud Com CX 1 |
| Source | 8ca76235-5143-4e8f-b751-da929f8418bd |
| ATS provider | Oracle Recruiting Cloud / Fusion HCM |
Description
Description
At Kroll, we provide reactive, advisory, transformation, and managed security services to support clients at every stage of their path toward cyber and data resilience maturity. Our experts bring decades of experience in cyber risk consultancy, helping organizations across the world simplify and reduce the complexity of implementing, transforming, and managing their cyber programs. Through our strategic multi-year partnership with CrowdStrike, we combine world-class investigative expertise with an AI-native platform to redefine the future of managed detection and response, delivering faster outcomes, stronger protection, and greater resilience for organizations worldwide.
The Cyber & Data Resilience capability (formerly Engineered Defense) is hiring a Manager or Senior Manager to build and lead Kroll's CrowdStrike Falcon AI Detection and Response (AIDR) deployment practice . With the GA of Falcon AIDR , CrowdStrike extended the Falcon platform to secure the AI prompt and agent interaction layer — protecting workforce GenAI use and homegrown AI applications and agents through one sensor and one console, with deployment via browser extension, application SDK, AI/API gateway integration, and MCP proxy.
Kroll clients need a partner who can deploy, configure, integrate, and tune Falcon AIDR end-to-end inside their Falcon tenant — getting AIDR turned on across the right deployment surfaces, wiring its telemetry into Falcon Next-Gen SIEM, building Fusion SOAR playbooks for AI events, integrating with Falcon Cloud Security and Falcon Data Protection, and tuning prompt-attack and data-protection policies to each client's AI usage patterns.
This is a player-coach role . The “Manager” or “Senior Manager” title does not mean hands-off oversight. You will personally lead engagement delivery — standing up AIDR in client tenants, integrating it with the rest of the Falcon stack, configuring policies, and tuning detections — while mentoring junior consultants and partnering with CrowdStrike account teams on scoping.
This role reports into the Engineered Defense / Tech Transformation leadership team and partners closely with Kroll’s Cloud Security, Identity, Next-Gen SIEM, and CrowdStrike Services delivery teams.
Deploy Stand up Falcon AIDR in client tenants — provisioning, sensor configuration, console setup, and verification of telemetry flow.
Roll out the browser extension for workforce AI visibility and policy enforcement on employee GenAI usage.
Integrate the AIDR SDK into client AI applications and agents (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio, custom-built agent frameworks).
Deploy the MCP proxy to instrument Model Context Protocol traffic for agent security.
Configure AI/API gateway integrations for inline prompt inspection and response.
Enable AIDR coverage of AI workloads in Kubernetes through Falcon Cloud Security, including runtime detection at the prompt layer with no proxies or architectural changes.
Configure Configure prompt-attack detection policies — tuning sensitivity for direct prompt injection, indirect prompt injection, jailbreaks, multi-modal (text + image) attacks, and unsafe content across the client's AI tools and applications.
Configure sensitive data protection policies — defining custom data categories, redaction patterns, masking rules, and encryption behaviors for credentials, regulated data, and client-specific confidential information before it reaches models, agents, or external AI systems.
Configure policy enforcement across users, agents, tools, and models — including block, mask, encrypt, and allow-with-audit responses.
Configure runtime AI event logging — capturing full prompt and response content, AI model versions, users, and relationship mapping between users, prompts, models, agents, and MCP servers.
Build and tune custom detection content mapped to MITRE ATLAS adversarial ML techniques (AML.T0051 LLM Prompt Injection, AML.T0054 LLM Jailbreak, AML.T0048 External Harms) as detection vocabulary inside AIDR.
Integrate Wire AIDR telemetry into Falcon Next-Gen SIEM (LogScale) — building correlation rules, dashboards, and identity-driven case management for AI events alongside endpoint, cloud, identity, and SaaS telemetry.
Build Falcon Fusion SOAR playbooks for AI-specific response actions: block unsafe interactions, contain malicious agent actions, redact sensitive output, revoke AI tool access, trigger MFA/identity response via Falcon Identity Protection.
Integrate AIDR with Falcon Cloud Security for runtime AI application protection in cloud environments.
Integrate AIDR with Falcon Data Protection for unified sensitive-data detection across AI and non-AI exfiltration paths.
Integrate AIDR with Falcon Identity Protection for cross-domain correlation between AI policy violations and identity risk.
Build Charlotte AI prompts and agentic workflows for AI event triage, agent action review, and response automation.
Tune and Operate Tune detection policies to reduce false positives without sacrificing efficacy against the 180+ prompt injection techniques in CrowdStrike’s adversarial prompt research.
Tune data protection policies to client-specific sensitive data types, regulated data categories, and business workflow constraints.
Optimize policy enforcement to maintain sub-30ms detection latency at scale.
Validate detection efficacy through controlled testing against known prompt injection and jailbreak techniques.
Hand off operational runbooks to client SOC teams and Kroll Managed Services for ongoing operation.
Advise (scoped to the platform) Advise client identity, cloud, and SOC engineering teams on AIDR deployment architecture decisions — where to place browser extensions, where to instrument with SDK vs. gateway vs. MCP proxy, how to phase rollout, how to integrate with existing Falcon modules.
Partner with CrowdStrike account teams on AIDR-focused pre-sales scoping, solution design, and joint go-to-market motions.
Build the Practice Develop reusable AIDR deployment runbooks, configuration templates, integration patterns, Fusion SOAR playbook libraries, and Charlotte AI workflow templates.
Mentor consultants on AIDR deployment and integration.
Hiring Requirements 4+ years (Manager) or 6+ years (Senior Manager) of hands-on experience deploying, configuring, and integrating security tooling in enterprise environments — with a meaningful concentration in the CrowdStrike Falcon platform.
Hands-on deployment experience with the CrowdStrike Falcon platform — including at least one of Falcon Insight (EDR), Falcon Cloud Security, Falcon Identity Protection, Falcon Next-Gen SIEM / LogScale, or Falcon Data Protection. Direct hands-on with Falcon AIDR is preferred but not required.
Demonstrated experience deploying, configuring, and integrating Falcon platform modules — not just operating them post-deployment.
Working knowledge of modern AI/agent stacks sufficient to deploy and configure AIDR against them: LLMs (OpenAI, Anthropic Claude, Google Gemini, open-weights models), agent frameworks (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio), MCP (Model Context Protocol), AI/API gateways, RAG architectures .
Working understanding of prompt-injection and jailbreak tradecraft sufficient to tune AIDR detection policies — direct vs. indirect prompt injection, jailbreaks, multi-modal attacks, MCP abuse — referenced through MITRE ATLAS detection vocabulary inside AIDR.
Hands-on scripting proficiency: Python (required), CQL (CrowdStrike Query Language) ; experience with LLM SDKs (OpenAI, Anthropic, LangChain) and KQL are pluses.
Experience building Fusion SOAR playbooks , Charlotte AI workflows , or equivalent SOAR/automation content on the Falcon platform.
Experience integrating Falcon modules with Next-Gen SIEM / LogScale including custom correlation, dashboards, and case management.
Prior consulting delivery experience — scoping, leading, and personally executing deployment engagements for external clients.
Bachelor’s degree in a relevant field or equivalent professional experience.
A note on experience: Falcon AIDR was released in December 2025 — almost no candidate has multi-year hands-on history with the product. We will strongly consider candidates with fewer years of consulting experience who bring deep hands-on Falcon platform deployment skills plus working knowledge of modern AI/agent stacks. Demonstrated Falcon deployment skill and the ability to ramp on AIDR quickly can offset tenure.
Preferred Qualifications Direct hands-on Falcon AIDR deployment, configuration, or integration experience.
CrowdStrike Certified Cloud Specialist (CCCS) — strongly preferred (AIDR sits adjacent to and integrates with Falcon Cloud Security).
Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCIS.
Experience deploying and tuning Falcon Next-Gen SIEM / LogScale content (parsers, correlation rules, dashboards, case management).
Experience building production Falcon Fusion SOAR playbooks at scale.
Experience building Charlotte AI prompts and agentic workflows.
Experience deploying Falcon Cloud Security in Kubernetes / containerized AI workload environments.
Hands-on experience instrumenting AI applications and agents at the SDK level (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents).
Hands-on experience with MCP (Model Context Protocol) server deployment and instrumentation.
Experience with AI gateway architectures — AWS Bedrock Guardrails, Azure AI Content Safety, NVIDIA NeMo Guardrails — for the purpose of integration or migration to AIDR.
Prior consulting experience at a tier-1 firm with a CrowdStrike-focused delivery practice (Big 4 CrowdStrike teams, CrowdStrike Services, or equivalent).
Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:
Healthcare Coverage: Comprehensive medical, dental, and vision plans.
Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
Retirement Plans: 401(k) plans with company matching.
Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.
About Kroll
Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.
In order to be considered for a position, you must formally apply via careers.kroll.com.
We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.
The current salary range for this position is $150,000 to $200,000
#LI-CN1
#LI-Remote
Full job record
| Job ID | 8ac4ab1d69c898a6dd1baf45abd62f0858d884a8 |
| Org ID | 10b0a55d-ee38-4a7c-8b0e-fd4137b5ef6d |
| Source ID | 8ca76235-5143-4e8f-b751-da929f8418bd |
| Board ID | 8ca76235-5143-4e8f-b751-da929f8418bd |
| Provider | oracle_hcm |
| Provider Job Key | 21014353 |
| Title | Senior Manager - CrowdStrike AIDR Engineer |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | United States |
| Department | Cyber Security |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | United States |
| Region | — |
| City | — |
| Salary Raw | salary range for this position is $150,000 to $200,000 #LI-CN1 #LI-Remote |
| Salary Min | 150,000 |
| Salary Max | 200,000 |
| Salary Currency | USD |
| Salary Period | year |
| Source URL | https://hcxs.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/21014353 |
| Apply URL | https://hcxs.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/21014353 |
| First Seen At | 2026-05-31 18:03:49Z |
| Last Seen At | 2026-06-06 11:40:42Z |
| Last Checked At | 2026-06-06 11:40:42Z |
| Last Changed At | 2026-06-06 11:40:42Z |
| Inactive At | — |
| Source Posted At | 2026-05-29 17:07:23Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=oracle_hcm/board=hcxs.fa.us2.oraclecloud.com|CX_1/date=2026-06-06/2026-06-06T11-40-21-697Z-442edf178f5c73a009f82e9d6d12c95fd265bf5c9897c13d4f5f92baa648c679.json |
Event Fields
{
"content_hash": "472d2b0098610b1d0d0a85d522075ae06d04985e1836b9884fca169c232f0623",
"source_hash": "8eef987d53cb18c5d815aa986a15ef52070217c0ac5f946c32f94b640ca62e5d",
"last_changed_at": "2026-06-06T11:40:42.036Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "United States",
"city": null,
"region": null,
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"salary_max": 200000,
"salary_min": 150000,
"inferred_at": "2026-06-06T11:40:41.854Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "United States",
"city": null,
"region": null,
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"countries": [
"United States"
]
},
"remote_policy": "remote",
"salary_period": "year",
"workplace_type": "remote",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"detail": {
"Id": "21014353",
"Title": "Senior Manager - CrowdStrike AIDR Engineer",
"media": [],
"skills": [],
"JobType": null,
"Category": "Cyber Security",
"JobGrade": null,
"JobLevel": null,
"JobShift": null,
"WorkDays": null,
"WorkHours": null,
"WorkYears": null,
"Department": null,
"HotJobFlag": false,
"StudyLevel": "Bachelor's Degree",
"WorkMonths": null,
"WorkerType": null,
"GeographyId": 300000000345520,
"JobFamilyId": 300000051783684,
"JobFunction": "Cybersecurity",
"JobSchedule": "Full time",
"BusinessUnit": null,
"ContractType": null,
"Organization": null,
"TrendingFlag": false,
"workLocation": [
{
"Country": null,
"Region1": null,
"Region2": null,
"Region3": null,
"Building": null,
"Latitude": "",
"Longitude": "",
"LocationId": null,
"PostalCode": null,
"TownOrCity": null,
"AddressLine1": null,
"AddressLine2": null,
"AddressLine3": null,
"AddressLine4": null,
"LocationName": null
}
],
"ContentLocale": "en",
"HiringManager": null,
"LegalEmployer": null,
"RequisitionId": 300003352924354,
"WorkplaceType": "",
"BusinessUnitId": 300002214657116,
"OrganizationId": 1,
"GeographyNodeId": 100003320281646,
"JobFunctionCode": "CRC-CYBER",
"LegalEmployerId": 300000002450743,
"PrimaryLocation": "United States",
"RequisitionType": "Experienced",
"NumberOfOpenings": null,
"WorkplaceTypeCode": null,
"BeFirstToApplyFlag": true,
"otherWorkLocations": [],
"secondaryLocations": [],
"ExternalContactName": null,
"ShortDescriptionStr": "Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll. ",
"ExternalContactEmail": null,
"ExternalPostedEndDate": null,
"OtherRequisitionTitle": null,
"requisitionFlexFields": [],
"ApplyWhenNotPostedFlag": false,
"DomesticTravelRequired": null,
"ExternalDescriptionStr": "<p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">At Kroll, we provide reactive, advisory, transformation, and managed security services to support clients at every stage of their path toward cyber and data resilience maturity. Our experts bring decades of experience in cyber risk consultancy, helping organizations across the world simplify and reduce the complexity of implementing, transforming, and managing their cyber programs. Through our strategic multi-year partnership with CrowdStrike, we combine world-class investigative expertise with an AI-native platform to redefine the future of managed detection and response, delivering faster outcomes, stronger protection, and greater resilience for organizations worldwide.</span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">The Cyber & Data Resilience capability (formerly Engineered Defense) is hiring a Manager or Senior Manager to build and lead Kroll's <strong>CrowdStrike Falcon AI Detection and Response (AIDR) deployment practice</strong>. With the GA of <strong>Falcon AIDR</strong>, CrowdStrike extended the Falcon platform to secure the AI prompt and agent interaction layer — protecting workforce GenAI use and homegrown AI applications and agents through one sensor and one console, with deployment via browser extension, application SDK, AI/API gateway integration, and MCP proxy.</span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Kroll clients need a partner who can <strong>deploy, configure, integrate, and tune</strong> Falcon AIDR end-to-end inside their Falcon tenant — getting AIDR turned on across the right deployment surfaces, wiring its telemetry into Falcon Next-Gen SIEM, building Fusion SOAR playbooks for AI events, integrating with Falcon Cloud Security and Falcon Data Protection, and tuning prompt-attack and data-protection policies to each client's AI usage patterns.</span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">This is a <strong>player-coach role</strong>. The “Manager” or “Senior Manager” title does <strong>not</strong> mean hands-off oversight. You will personally lead engagement delivery — standing up AIDR in client tenants, integrating it with the rest of the Falcon stack, configuring policies, and tuning detections — while mentoring junior consultants and partnering with CrowdStrike account teams on scoping.</span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">This role reports into the Engineered Defense / Tech Transformation leadership team and partners closely with Kroll’s Cloud Security, Identity, Next-Gen SIEM, and CrowdStrike Services delivery teams.</span></span></p><p style=\"text-align: justify;\"> </p><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Deploy</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Stand up <strong>Falcon AIDR</strong> in client tenants — provisioning, sensor configuration, console setup, and verification of telemetry flow.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Roll out the <strong>browser extension</strong> for workforce AI visibility and policy enforcement on employee GenAI usage.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Integrate the <strong>AIDR SDK</strong> into client AI applications and agents (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio, custom-built agent frameworks).</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Deploy the <strong>MCP proxy</strong> to instrument Model Context Protocol traffic for agent security.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure <strong>AI/API gateway integrations</strong> for inline prompt inspection and response.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Enable AIDR coverage of <strong>AI workloads in Kubernetes</strong> through Falcon Cloud Security, including runtime detection at the prompt layer with no proxies or architectural changes.</span></span></p></li></ul><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure <strong>prompt-attack detection policies</strong> — tuning sensitivity for direct prompt injection, indirect prompt injection, jailbreaks, multi-modal (text + image) attacks, and unsafe content across the client's AI tools and applications.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure <strong>sensitive data protection policies</strong> — defining custom data categories, redaction patterns, masking rules, and encryption behaviors for credentials, regulated data, and client-specific confidential information before it reaches models, agents, or external AI systems.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure <strong>policy enforcement</strong> across users, agents, tools, and models — including block, mask, encrypt, and allow-with-audit responses.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Configure <strong>runtime AI event logging</strong> — capturing full prompt and response content, AI model versions, users, and relationship mapping between users, prompts, models, agents, and MCP servers.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Build and tune <strong>custom detection content</strong> mapped to MITRE ATLAS adversarial ML techniques (AML.T0051 LLM Prompt Injection, AML.T0054 LLM Jailbreak, AML.T0048 External Harms) as detection vocabulary inside AIDR.</span></span></p></li></ul><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Integrate</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Wire AIDR telemetry into <strong>Falcon Next-Gen SIEM (LogScale)</strong> — building correlation rules, dashboards, and identity-driven case management for AI events alongside endpoint, cloud, identity, and SaaS telemetry.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Build <strong>Falcon Fusion SOAR</strong> playbooks for AI-specific response actions: block unsafe interactions, contain malicious agent actions, redact sensitive output, revoke AI tool access, trigger MFA/identity response via Falcon Identity Protection.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Integrate AIDR with <strong>Falcon Cloud Security</strong> for runtime AI application protection in cloud environments.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Integrate AIDR with <strong>Falcon Data Protection</strong> for unified sensitive-data detection across AI and non-AI exfiltration paths.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Integrate AIDR with <strong>Falcon Identity Protection</strong> for cross-domain correlation between AI policy violations and identity risk.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Build <strong>Charlotte AI</strong> prompts and agentic workflows for AI event triage, agent action review, and response automation.</span></span></p></li></ul><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Tune and Operate</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Tune detection policies to reduce false positives without sacrificing efficacy against the 180+ prompt injection techniques in CrowdStrike’s adversarial prompt research.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Tune data protection policies to client-specific sensitive data types, regulated data categories, and business workflow constraints.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Optimize policy enforcement to maintain sub-30ms detection latency at scale.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Validate detection efficacy through controlled testing against known prompt injection and jailbreak techniques.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Hand off operational runbooks to client SOC teams and Kroll Managed Services for ongoing operation.</span></span></p></li></ul><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Advise (scoped to the platform)</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Advise client identity, cloud, and SOC engineering teams on AIDR deployment architecture decisions — where to place browser extensions, where to instrument with SDK vs. gateway vs. MCP proxy, how to phase rollout, how to integrate with existing Falcon modules.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Partner with CrowdStrike account teams on AIDR-focused pre-sales scoping, solution design, and joint go-to-market motions.</span></span></p></li></ul><h3 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Build the Practice</span></span></h3><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Develop reusable AIDR deployment runbooks, configuration templates, integration patterns, Fusion SOAR playbook libraries, and Charlotte AI workflow templates.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Mentor consultants on AIDR deployment and integration.</span></span></p></li></ul><div style=\"border-width: medium; border-style: none; border-color: currentcolor; border-image: initial; padding: 0in 0in 4pt;\"><h2 style=\"margin: 0in; text-align: justify;\"> </h2><h2 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Hiring Requirements</span></span></h2></div><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\"><strong>4+ years (Manager) or 6+ years (Senior Manager) </strong>of hands-on experience deploying, configuring, and integrating security tooling in enterprise environments — with a meaningful concentration in the CrowdStrike Falcon platform.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\"><strong>Hands-on deployment experience with the CrowdStrike Falcon platform</strong> — including at least one of Falcon Insight (EDR), Falcon Cloud Security, Falcon Identity Protection, Falcon Next-Gen SIEM / LogScale, or Falcon Data Protection. Direct hands-on with Falcon AIDR is preferred but not required.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Demonstrated experience <strong>deploying, configuring, and integrating</strong> Falcon platform modules — not just operating them post-deployment.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Working knowledge of modern AI/agent stacks sufficient to deploy and configure AIDR against them: <strong>LLMs (OpenAI, Anthropic Claude, Google Gemini, open-weights models), agent frameworks (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio), MCP (Model Context Protocol), AI/API gateways, RAG architectures</strong>.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Working understanding of prompt-injection and jailbreak tradecraft sufficient to tune AIDR detection policies — direct vs. indirect prompt injection, jailbreaks, multi-modal attacks, MCP abuse — referenced through MITRE ATLAS detection vocabulary inside AIDR.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Hands-on scripting proficiency: <strong>Python (required), CQL (CrowdStrike Query Language)</strong>; experience with LLM SDKs (OpenAI, Anthropic, LangChain) and KQL are pluses.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience building <strong>Fusion SOAR playbooks</strong>, <strong>Charlotte AI workflows</strong>, or equivalent SOAR/automation content on the Falcon platform.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience integrating Falcon modules with <strong>Next-Gen SIEM / LogScale</strong> including custom correlation, dashboards, and case management.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Prior consulting delivery experience — scoping, leading, and personally executing deployment engagements for external clients.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Bachelor’s degree in a relevant field or equivalent professional experience.</span></span></p></li></ul><div style=\"border-width: medium; border-style: none; border-color: currentcolor; border-image: initial; margin-left: 12pt; margin-right: 0in; padding: 0in 0in 0in 12pt;\"><p style=\"border-width: medium; border-style: none; border-color: currentcolor; border-image: initial; padding: 0in; text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><i><span style=\"font-size: 10pt;\"><strong>A note on experience: </strong>Falcon AIDR was released in December 2025 — almost no candidate has multi-year hands-on history with the product. We will strongly consider candidates with fewer years of consulting experience who bring <strong>deep hands-on Falcon platform deployment skills</strong> plus working knowledge of modern AI/agent stacks. Demonstrated Falcon deployment skill and the ability to ramp on AIDR quickly can offset tenure.</span></i></span></p><h2 style=\"margin: 0in; text-align: justify;\"><span style=\"color: windowtext; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Preferred Qualifications</span></span></h2></div><ul style=\"padding-left: 36px;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Direct hands-on <strong>Falcon AIDR</strong> deployment, configuration, or integration experience.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\"><strong>CrowdStrike Certified Cloud Specialist (CCCS) </strong>— </span><i><span style=\"font-size: 10pt;\">strongly preferred</span></i><span style=\"font-size: 10pt;\"> (AIDR sits adjacent to and integrates with Falcon Cloud Security).</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCIS.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience deploying and tuning <strong>Falcon Next-Gen SIEM / LogScale</strong> content (parsers, correlation rules, dashboards, case management).</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience building production <strong>Falcon Fusion SOAR</strong> playbooks at scale.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience building <strong>Charlotte AI</strong> prompts and agentic workflows.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience deploying <strong>Falcon Cloud Security</strong> in Kubernetes / containerized AI workload environments.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Hands-on experience instrumenting AI applications and agents at the SDK level (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents).</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Hands-on experience with <strong>MCP (Model Context Protocol)</strong> server deployment and instrumentation.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Experience with AI gateway architectures — AWS Bedrock Guardrails, Azure AI Content Safety, NVIDIA NeMo Guardrails — for the purpose of integration or migration to AIDR.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Prior consulting experience at a tier-1 firm with a CrowdStrike-focused delivery practice (Big 4 CrowdStrike teams, CrowdStrike Services, or equivalent).</span></span></p></li></ul><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><a name=\"_Hlk212474434\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:</span></span></a></p><p style=\"text-align: justify;\"> </p><ul style=\"list-style-type: disc;\"><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Healthcare Coverage: Comprehensive medical, dental, and vision plans.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.</span></span></p></li><li class=\"ortl-align-justify\"><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Retirement Plans: 401(k) plans with company matching.</span></span></p></li></ul><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.</span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\"><strong><u>About Kroll</u> </strong></span></span></p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\"><strong> </strong></span></span></p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll. </span></span></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><a name=\"_Hlk210810136\"><span style=\"color: black; font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">In order to be considered for a position, you must formally apply via careers.kroll.com.</span></span></a></p><p style=\"text-align: justify;\"> </p><p style=\"text-align: justify;\"><span style=\"font-family: "Nunito Sans";\"><i><span style=\"font-size: 10pt;\">We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.</span></i></span></p><p> </p><p><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">The current salary range for this position is $150,000 to $200,000</span></span></p><p> </p><p> </p><p><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">#LI-CN1</span></span></p><p><span style=\"font-family: "Nunito Sans";\"><span style=\"font-size: 10pt;\">#LI-Remote</span></span></p><p> </p><p style=\"text-align: justify;\"> </p>",
"ObjectVerNumberProfile": "2",
"PrimaryLocationCountry": "US",
"CorporateDescriptionStr": "",
"ExternalPostedStartDate": "2026-05-29T17:07:23+00:00",
"ExternalQualificationsStr": "",
"InternalQualificationsStr": "",
"OrganizationDescriptionStr": "",
"primaryLocationCoordinates": [
{
"Latitude": "39.82844",
"Longitude": "-98.57939",
"CountryCode": "US",
"GeographyId": 300000000345520,
"GeographyNodeId": 100003320281646
}
],
"ExternalResponsibilitiesStr": "",
"InternalResponsibilitiesStr": "",
"InternationalTravelRequired": null
},
"list_job": {
"Id": "21014353",
"Title": "Senior Manager - CrowdStrike AIDR Engineer",
"JobType": null,
"Distance": 1780012800000,
"JobShift": null,
"Language": "US",
"WorkDays": null,
"JobFamily": null,
"Relevancy": 6,
"WorkHours": null,
"Department": null,
"HotJobFlag": false,
"PostedDate": "2026-05-29",
"StudyLevel": null,
"WorkerType": null,
"GeographyId": 300000000345520,
"JobFunction": null,
"JobSchedule": null,
"BusinessUnit": null,
"ContractType": null,
"ManagerLevel": null,
"Organization": null,
"TrendingFlag": false,
"workLocation": [
{
"Country": null,
"Region1": null,
"Region2": null,
"Region3": null,
"Building": null,
"Latitude": null,
"Longitude": null,
"LocationId": null,
"PostalCode": null,
"TownOrCity": null,
"AddressLine1": null,
"AddressLine2": null,
"AddressLine3": null,
"AddressLine4": null,
"LocationName": null
}
],
"LegalEmployer": null,
"MediaThumbURL": null,
"WorkplaceType": "",
"BusinessUnitId": 300002214657116,
"OrganizationId": 1,
"PostingEndDate": null,
"LegalEmployerId": 300000002450743,
"PrimaryLocation": "United States",
"WorkDurationYears": null,
"WorkplaceTypeCode": null,
"BeFirstToApplyFlag": true,
"WorkDurationMonths": null,
"otherWorkLocations": [],
"secondaryLocations": [],
"ShortDescriptionStr": "Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll. ",
"requisitionFlexFields": [],
"DomesticTravelRequired": null,
"PrimaryLocationCountry": "US",
"ExternalQualificationsStr": null,
"ExternalResponsibilitiesStr": null,
"InternationalTravelRequired": null
},
"detail_meta": {
"url": "https://hcxs.fa.us2.oraclecloud.com/hcmRestApi/resources/latest/recruitingCEJobRequisitionDetails?expand=all&onlyData=true&finder=ById;Id=%2221014353%22,siteNumber=CX_1",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 29856
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/8ac4ab1d69c898a6dd1baf45abd62f0858d884a8?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/10b0a55d-ee38-4a7c-8b0e-fd4137b5ef6dJSONGET https://api.bluedoor.sh/job-postings/v1/sources/8ca76235-5143-4e8f-b751-da929f8418bdJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/8ac4ab1d69c898a6dd1baf45abd62f0858d884a8/eventsJSON