Principal Engineer, Cloud Content (remote) - Remote Eligible

Principal Engineer, Cloud Threat Detection

CrowdStrike is seeking a Principal Engineer that will operate as the senior technical authority for cloud threat detection. This role owns the design of cloud-native detection logic, advanced telemetry pipelines, cloud attack-surface visibility, and real-time threat-detection capabilities across public clouds. The Principal engineer role drives deep technical initiatives: building detection-as-code frameworks, researching emerging cloud-native threats, designing scalable detection architectures, and leading complex cloud-focused investigations.

This role sets the technical bar for cloud detection engineering, influences platform and cloud-architecture decisions, and ensures the entire detection stack is aligned to adversary tradecraft in modern cloud environments. This is expected to define technical direction, solve problems no one else can, and create durable mechanisms that raise detection quality and velocity across the cloud ecosystem.

What You'll Do:

• Architect, build, and optimize cloud detection pipelines: telemetry ingestion, log processing, alerting, detection-as-code workflows, and automated analysis frameworks.
• Develop advanced detections for cloud-native threats: IAM misconfigurations, lateral movement across cloud services, runtime/container attacks, serverless abuse, data-exfiltration patterns, persistence mechanisms, and cloud control-plane manipulation.
• Lead cloud threat research: track emergent attacker tradecraft, cloud-native TTPs, abuse of managed services, supply-chain risks, ephemeral compute patterns, and multi-cloud attack surfaces.
• Conduct advanced investigations involving cloud logs, control-plane events, network telemetry, and container/runtime signals.
• Collaborate deeply with cloud engineering, platform teams, and DevOps to embed telemetry early in design — instrumentation, log generation, audit events, and detection hooks across cloud services.
• Recommend and drive enhancements to cloud observability and detection coverage, backed by analysis of gaps, adversary opportunities, and telemetry blind spots.
• Influence architectural decisions and strategic initiatives through data, technical depth, and adversary-focused perspectives.
• Mentor other detection engineers by setting standards for detection logic, code quality, cloud telemetry hygiene, and investigation methodology.

What You'll Need:

• 8 to 15+ years of experience in cloud threat detection, cloud security engineering, incident response, threat hunting, or equivalent.
• Strong expertise with AWS and at least one of Azure or GCP; deep knowledge of cloud control-plane events, service logs, runtime/container ecosystems, and network architectures.
• Proven ability to design and deliver high-fidelity cloud detections in large-scale environments, with understanding of FP/FN trade-offs and detection-as-code methodologies.
• Strong engineering ability: Python, Go, or equivalent languages; familiarity with CI/CD, infrastructure-as-code, and cloud automation.
• Demonstrated ability to lead complex cloud investigations and turn findings into durable detection logic.
• Strong understanding of cloud threat models: identity-based attacks, misconfiguration abuse, boundary-less lateral movement, data-exfiltration paths, and cloud service exploitation.
• Ability to influence platform teams, propose architectural improvements, and advocate for telemetry and detection requirements with clear rationale and evidence.

Bonus Points:

• Experience with multi-cloud detection architectures at scale.
• Experience building detection testing frameworks or automated validation pipelines.
• Deep familiarity with attacker tradecraft targeting cloud infrastructure.
• Strong communication skills; concise, technical, grounded in adversary behavior and detection outcomes.

Benefits of Working at CrowdStrike:

• Remote-friendly and flexible work culture
• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.