[Remote] Senior Manager - CrowdStrike AIDR Engineer

Remote Full-time Live

Note: This is a remote job open to candidates in the USA. Kroll is a global leader in risk and financial advisory solutions and is seeking a Senior Manager to build and lead the CrowdStrike Falcon AI Detection and Response (AIDR) deployment practice. This role involves deploying, configuring, and integrating Falcon AIDR within client environments while mentoring junior consultants and collaborating with CrowdStrike teams.

Responsibilities

  • Stand up Falcon AIDR in client tenants — provisioning, sensor configuration, console setup, and verification of telemetry flow
  • Roll out the browser extension for workforce AI visibility and policy enforcement on employee GenAI usage
  • Integrate the AIDR SDK into client AI applications and agents (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio, custom-built agent frameworks)
  • Deploy the MCP proxy to instrument Model Context Protocol traffic for agent security
  • Configure AI/API gateway integrations for inline prompt inspection and response
  • Enable AIDR coverage of AI workloads in Kubernetes through Falcon Cloud Security, including runtime detection at the prompt layer with no proxies or architectural changes
  • Configure prompt-attack detection policies — tuning sensitivity for direct prompt injection, indirect prompt injection, jailbreaks, multi-modal (text + image) attacks, and unsafe content across the client's AI tools and applications
  • Configure sensitive data protection policies — defining custom data categories, redaction patterns, masking rules, and encryption behaviors for credentials, regulated data, and client-specific confidential information before it reaches models, agents, or external AI systems
  • Configure policy enforcement across users, agents, tools, and models — including block, mask, encrypt, and allow-with-audit responses
  • Configure runtime AI event logging — capturing full prompt and response content, AI model versions, users, and relationship mapping between users, prompts, models, agents, and MCP servers
  • Build and tune custom detection content mapped to MITRE ATLAS adversarial ML techniques (AML.T0051 LLM Prompt Injection, AML.T0054 LLM Jailbreak, AML.T0048 External Harms) as detection vocabulary inside AIDR
  • Wire AIDR telemetry into Falcon Next-Gen SIEM (LogScale) — building correlation rules, dashboards, and identity-driven case management for AI events alongside endpoint, cloud, identity, and SaaS telemetry
  • Build Falcon Fusion SOAR playbooks for AI-specific response actions: block unsafe interactions, contain malicious agent actions, redact sensitive output, revoke AI tool access, trigger MFA/identity response via Falcon Identity Protection
  • Integrate AIDR with Falcon Cloud Security for runtime AI application protection in cloud environments
  • Integrate AIDR with Falcon Data Protection for unified sensitive-data detection across AI and non-AI exfiltration paths
  • Integrate AIDR with Falcon Identity Protection for cross-domain correlation between AI policy violations and identity risk
  • Build Charlotte AI prompts and agentic workflows for AI event triage, agent action review, and response automation
  • Tune detection policies to reduce false positives without sacrificing efficacy against the 180+ prompt injection techniques in CrowdStrike’s adversarial prompt research
  • Tune data protection policies to client-specific sensitive data types, regulated data categories, and business workflow constraints
  • Optimize policy enforcement to maintain sub-30ms detection latency at scale
  • Validate detection efficacy through controlled testing against known prompt injection and jailbreak techniques
  • Hand off operational runbooks to client SOC teams and Kroll Managed Services for ongoing operation
  • Advise client identity, cloud, and SOC engineering teams on AIDR deployment architecture decisions — where to place browser extensions, where to instrument with SDK vs. gateway vs. MCP proxy, how to phase rollout, how to integrate with existing Falcon modules
  • Partner with CrowdStrike account teams on AIDR-focused pre-sales scoping, solution design, and joint go-to-market motions
  • Develop reusable AIDR deployment runbooks, configuration templates, integration patterns, Fusion SOAR playbook libraries, and Charlotte AI workflow templates
  • Mentor consultants on AIDR deployment and integration

Skills

  • 4+ years (Manager) or 6+ years (Senior Manager) of hands-on experience deploying, configuring, and integrating security tooling in enterprise environments — with a meaningful concentration in the CrowdStrike Falcon platform
  • Hands-on deployment experience with the CrowdStrike Falcon platform — including at least one of Falcon Insight (EDR), Falcon Cloud Security, Falcon Identity Protection, Falcon Next-Gen SIEM / LogScale, or Falcon Data Protection. Direct hands-on experience with Falcon AIDR is preferred but not required
  • Demonstrated experience deploying, configuring, and integrating Falcon platform modules — not just operating them post-deployment
  • Working knowledge of modern AI/agent stacks sufficient to deploy and configure AIDR against them: LLMs (OpenAI, Anthropic Claude, Google Gemini, open-weights models), agent frameworks (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents, Microsoft Copilot Studio), MCP (Model Context Protocol), AI/API gateways, RAG architectures
  • Working understanding of prompt-injection and jailbreak tradecraft sufficient to tune AIDR detection policies — direct vs. indirect prompt injection, jailbreaks, multi-modal attacks, MCP abuse — referenced through MITRE ATLAS detection vocabulary inside AIDR
  • Hands-on scripting proficiency: Python (required), CQL (CrowdStrike Query Language); experience with LLM SDKs (OpenAI, Anthropic, LangChain) and KQL are pluses
  • Experience building Fusion SOAR playbooks, Charlotte AI workflows, or equivalent SOAR/automation content on the Falcon platform
  • Experience integrating Falcon modules with Next-Gen SIEM / LogScale including custom correlation, dashboards, and case management
  • Prior consulting delivery experience — scoping, leading, and personally executing deployment engagements for external clients
  • Bachelor's degree in a relevant field or equivalent professional experience
  • Direct hands-on Falcon AIDR deployment, configuration, or integration experience
  • CrowdStrike Certified Cloud Specialist (CCCS) — strongly preferred (AIDR sits adjacent to and integrates with Falcon Cloud Security)
  • Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCIS
  • Experience deploying and tuning Falcon Next-Gen SIEM / LogScale content (parsers, correlation rules, dashboards, case management)
  • Experience building production Falcon Fusion SOAR playbooks at scale
  • Experience building Charlotte AI prompts and agentic workflows
  • Experience deploying Falcon Cloud Security in Kubernetes / containerized AI workload environments
  • Hands-on experience instrumenting AI applications and agents at the SDK level (LangChain, LlamaIndex, AutoGen, AWS Bedrock Agents)
  • Hands-on experience with MCP (Model Context Protocol) server deployment and instrumentation
  • Experience with AI gateway architectures — AWS Bedrock Guardrails, Azure AI Content Safety, NVIDIA NeMo Guardrails — for the purpose of integration or migration to AIDR
  • Prior consulting experience at a tier-1 firm with a CrowdStrike-focused delivery practice (Big 4 CrowdStrike teams, CrowdStrike Services, or equivalent)

Benefits

  • Healthcare Coverage: Comprehensive medical, dental, and vision plans.
  • Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
  • Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
  • Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
  • Retirement Plans: 401(k) plans with company matching.

Company Overview

  • Kroll is a provider of risk solutions that helps clients make confident risk management decisions. It is a sub-organization of Vistra Group. It was founded in 1932, and is headquartered in New York, New York, USA, with a workforce of 5001-10000 employees. Its website is http://www.kroll.com/.

Company H1B Sponsorship

  • Kroll has a track record of offering H1B sponsorships, with 1 in 2026, 21 in 2025, 14 in 2024, 10 in 2023, 15 in 2022, 7 in 2021. Please note that this does not guarantee sponsorship for this specific role.