Sr. Engineer II, EPICS, NG-SIEM (Hybrid) in Austin, Texas at CrowdStrike, Inc.
Explore Related Opportunities
Job Description
Full time
R28391
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:Our mission is to make all of our customers' security-relevant data continuously available for automated detection and response, threat hunting, and other Falcon platform use cases. To enable this, the systems behind NG-SIEM (next-generation security information and event management) are growing to accommodate >100 PB of event and action data ingested every day, up to 10 years of retention, and dozens of millions of queries per hour across large sections of the data stored, for tens of thousands of customers. As a Senior Engineer II on the newly established NG-SIEM EPICS (End-to-End Performance, Incident-response, Cost, and Scaling) team, you will own the reliability and scalability of the security industry's largest SIEM platform — treating these as software engineering problems rather than purely operational ones.
The NG-SIEM platform comprises many decoupled components interacting across complex pipelines. As we scale, ensuring end-to-end health across ingest, search, and workflow execution requires deep cross-service expertise and coordinated action. You will be the engineer who builds the observability, automation, and scaling systems that keep the entire platform performing — not just individual components. You will join a distributed team of high-ownership technical leaders who share a strong passion for our mission: to stop breaches.
This is a hybrid opportunity, with the expectation to be in our Austin, TX office 2-3x a week.
What You'll Do:End-to-end observability: Design, build, and maintain monitoring and synthetic test suites that provide deep visibility into the health of the entire NG-SIEM pipeline — from ingest through search and workflow execution — enabling rapid root cause analysis across component boundaries.
Coordinated scaling: Engineer orchestrated scaling solutions that treat the NG-SIEM pipeline as a unified system, proportionally increasing resources across all dependent components (Kafka, ingest pipelines, downstream services) to eliminate cascading bottleneck patterns.
Incident response engineering: Serve as a subject matter expert during platform-wide incidents (P2 and above), applying cross-service knowledge to diagnose and resolve multi-component failures. Partake in follow-the-sun on-call rotations, providing incident commander coordination for critical platform-wide events.
Capacity planning and cost management: Build and refine models for end-to-end capacity forecasting that account for all pipeline dimensions, including partner team dependencies (data services, GPS). Develop tooling to continuously track and surface cost drivers across the platform.
Automation and runbooks: Transform manual standard operating procedures into automated remediation workflows — including pipeline-wide scaling responses, CID rebalancing, and infrastructure healing — with the goal of resolving issues before customers are impacted.
Cross-team collaboration: Partner with cell-level teams, product engineering, GDI/3PI, and external stakeholders (e.g., CSM) to triage SLO breaches, drive problem management for large reliability efforts, and ensure consistent communication during incidents.
Platform improvements: Use your broad NG-SIEM knowledge to identify and drive systemic improvements across teams, contributing to the platform's long-term resilience and efficiency.
A passion for reliability engineering and curiosity about how large-scale running systems behave under pressure;
10+ years of experience in software engineering, site reliability engineering, or platform engineering, with significant time spent on large-scale distributed systems, and the ability to make pragmatic tradeoffs between short-term delivery needs and long-term platform goals;
Strong proficiency in at least one systems programming language (Go, Java, Rust, or C++) and one scripting language (Python, Bash);
Deep experience with end-to-end observability — building monitoring pipelines, defining SLIs/SLOs, and creating dashboards that drive actionable insights across multi-service architectures;
Demonstrated ability to diagnose and resolve complex incidents spanning multiple distributed components operating 24/7;
Experience with coordinated capacity planning and scaling for systems with significant infrastructure footprints;
Hands-on experience with streaming platforms (Kafka or similar) and understanding of back pressure, partition management, and consumer group dynamics at scale;
Familiarity with infrastructure-as-code, CI/CD pipelines, and automated deployment practices;
A can-do attitude — you thrive collaborating in a team and are not afraid of taking on responsibilities;
Strong written and verbal communication skills — you will lead incident communications and produce post-incident analyses that drive lasting improvements;
Comfort working across time zones with globally distributed teams.
Experience in a similar reliability or platform engineering role at a hyperscaler (AWS, Azure, GCP) or large-scale SaaS provider;
Track record of building automated remediation and self-healing infrastructure;
Experience with cost modeling and unit economics for large compute and storage footprints;
Familiarity with cloud-native architectures and serverless computing paradigms;
Hands-on experience operating platforms processing over 1 trillion events per day or more than 10 PB of data per day;
Exposure to or experience with Log Management, cybersecurity products, or security operations workflows;
Experience with disaster recovery planning and execution for multi-region systems.
#LI-SS1
#HTF
This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.Benefits of Working at CrowdStrike:
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $160,000 - $250,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here.