[Remote] Senior Manager - CrowdStrike AIDR Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. Kroll is a global leader in risk and financial advisory solutions, and they are seeking a Senior Manager to build and lead the CrowdStrike Falcon AI Detection and Response (AIDR) deployment practice. This role involves deploying, configuring, and integrating Falcon AIDR within client environments while mentoring junior consultants and collaborating with CrowdStrike teams.

Responsibilities

- Stand up Falcon AIDR in client tenants — provisioning, sensor configuration, console setup, and verification of telemetry flow
- Roll out the browser extension for workforce AI visibility and policy enforcement on employee GenAI usage
- Integrate the AIDR SDK into client AI applications and agents (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio, custom-built agent frameworks)
- Deploy the MCP proxy to instrument Model Context Protocol traffic for agent security
- Configure AI/API gateway integrations for inline prompt inspection and response
- Enable AIDR coverage of AI workloads in Kubernetes through Falcon Cloud Security, including runtime detection at the prompt layer with no proxies or architectural changes
- Configure prompt-attack detection policies — tuning sensitivity for direct prompt injection, indirect prompt injection, jailbreaks, multi-modal (text + image) attacks, and unsafe content across the client's AI tools and applications
- Configure sensitive data protection policies — defining custom data categories, redaction patterns, masking rules, and encryption behaviors for credentials, regulated data, and client-specific confidential information before it reaches models, agents, or external AI systems
- Configure policy enforcement across users, agents, tools, and models — including block, mask, encrypt, and allow-with-audit responses
- Configure runtime AI event logging — capturing full prompt and response content, AI model versions, users, and relationship mapping between users, prompts, models, agents, and MCP servers
- Build and tune custom detection content mapped to MITRE ATLAS adversarial ML techniques (AML.T0051 LLM Prompt Injection, AML.T0054 LLM Jailbreak, AML.T0048 External Harms) as detection vocabulary inside AIDR
- Wire AIDR telemetry into Falcon Next-Gen SIEM (LogScale) — building correlation rules, dashboards, and identity-driven case management for AI events alongside endpoint, cloud, identity, and SaaS telemetry
- Build Falcon Fusion SOAR playbooks for AI-specific response actions: block unsafe interactions, contain malicious agent actions, redact sensitive output, revoke AI tool access, trigger MFA/identity response via Falcon Identity Protection
- Integrate AIDR with Falcon Cloud Security for runtime AI application protection in cloud environments
- Integrate AIDR with Falcon Data Protection for unified sensitive-data detection across AI and non-AI exfiltration paths
- Integrate AIDR with Falcon Identity Protection for cross-domain correlation between AI policy violations and identity risk
- Build Charlotte AI prompts and agentic workflows for AI event triage, agent action review, and response automation
- Tune detection policies to reduce false positives without sacrificing efficacy against the 180+ prompt injection techniques in CrowdStrike’s adversarial prompt research
- Tune data protection policies to client-specific sensitive data types, regulated data categories, and business workflow constraints
- Optimize policy enforcement to maintain sub-30ms detection latency at scale
- Validate detection efficacy through controlled testing against known prompt injection and jailbreak techniques
- Hand off operational runbooks to client SOC teams and Kroll Managed Services for ongoing operation
- Advise client identity, cloud, and SOC engineering teams on AIDR deployment architecture decisions — where to place browser extensions, where to instrument with SDK vs. gateway vs. MCP proxy, how to phase rollout, how to integrate with existing Falcon modules
- Partner with CrowdStrike account teams on AIDR-focused pre-sales scoping, solution design, and joint go-to-market motions
- Develop reusable AIDR deployment runbooks, configuration templates, integration patterns, Fusion SOAR playbook libraries, and Charlotte AI workflow templates
- Mentor consultants on AIDR deployment and integration

Skills

- 4+ years (Manager) or 6+ years (Senior Manager) of hands-on experience deploying, configuring, and integrating security tooling in enterprise environments — with a meaningful concentration in the CrowdStrike Falcon platform
- Hands-on deployment experience with the CrowdStrike Falcon platform — including at least one of Falcon Insight (EDR), Falcon Cloud Security, Falcon Identity Protection, Falcon Next-Gen SIEM / LogScale, or Falcon Data Protection. Direct hands-on with Falcon AIDR is preferred but not required
- Demonstrated experience deploying, configuring, and integrating Falcon platform modules — not just operating them post-deployment
- Working knowledge of modern AI/agent stacks sufficient to deploy and configure AIDR against them: LLMs (OpenAI, Anthropic Claude, Google Gemini, open-weights models), agent frameworks (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio), MCP (Model Context Protocol), AI/API gateways, RAG architectures
- Working understanding of prompt-injection and jailbreak tradecraft sufficient to tune AIDR detection policies — direct vs. indirect prompt injection, jailbreaks, multi-modal attacks, MCP abuse — referenced through MITRE ATLAS detection vocabulary inside AIDR
- Hands-on scripting proficiency: Python (required), CQL (CrowdStrike Query Language); experience with LLM SDKs (OpenAI, Anthropic, LangChain) and KQL are pluses
- Experience building Fusion SOAR playbooks, Charlotte AI workflows, or equivalent SOAR/automation content on the Falcon platform
- Experience integrating Falcon modules with Next-Gen SIEM / LogScale including custom correlation, dashboards, and case management
- Prior consulting delivery experience — scoping, leading, and personally executing deployment engagements for external clients
- Bachelor's degree in a relevant field or equivalent professional experience
- Direct hands-on Falcon AIDR deployment, configuration, or integration experience
- CrowdStrike Certified Cloud Specialist (CCCS) — strongly preferred (AIDR sits adjacent to and integrates with Falcon Cloud Security)
- Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCIS
- Experience deploying and tuning Falcon Next-Gen SIEM / LogScale content (parsers, correlation rules, dashboards, case management)
- Experience building production Falcon Fusion SOAR playbooks at scale
- Experience building Charlotte AI prompts and agentic workflows
- Experience deploying Falcon Cloud Security in Kubernetes / containerized AI workload environments
- Hands-on experience instrumenting AI applications and agents at the SDK level (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents)
- Hands-on experience with MCP (Model Context Protocol) server deployment and instrumentation
- Experience with AI gateway architectures — AWS Bedrock Guardrails, Azure AI Content Safety, NVIDIA NeMo Guardrails — for the purpose of integration or migration to AIDR
- Prior consulting experience at a tier-1 firm with a CrowdStrike-focused delivery practice (Big 4 CrowdStrike teams, CrowdStrike Services, or equivalent)

Benefits

- Healthcare Coverage: Comprehensive medical, dental, and vision plans.
- Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
- Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
- Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
- Retirement Plans: 401(k) plans with company matching.

Company Overview

Kroll is a provider of risk solutions that helps clients make confident risk management decisions. It is a sub-organization of Vistra Group. It was founded in 1932, and is headquartered in New York, New York, USA, with a workforce of 5001-10000 employees. Its website is http://www.kroll.com/.

Company H1B Sponsorship

Kroll has a track record of offering H1B sponsorships, with 1 in 2026, 21 in 2025, 14 in 2024, 10 in 2023, 15 in 2022, 7 in 2021. Please note that this does not guarantee sponsorship for this specific role.
