About CrowdStrike

CrowdStrike is a global leader in cybersecurity, protecting the people, processes, and technologies that drive modern organizations. Since 2011, our mission has remained unwavering: stop breaches. We've redefined modern security with the world's most advanced AI-native platform, the Falcon platform, processing nearly 3 trillion events per day—a volume that's growing rapidly. Our customers across all industries rely on CrowdStrike to keep businesses running, communities safe, and lives moving forward. As a mission-driven company, we foster a remote-first culture that empowers every CrowdStriker with flexibility and autonomy to own their careers. We're passionate about innovation, customer success, and community impact.

Role Overview

As Principal Engineer, Cloud Content (Hybrid) in Austin, Texas, you'll serve as the senior technical authority for cloud threat detection. This high-impact role owns the design of cloud-native detection logic, advanced telemetry pipelines, cloud attack-surface visibility, and real-time threat-detection capabilities across public clouds like AWS, Azure, and GCP. You'll drive deep technical initiatives, including building detection-as-code frameworks, researching emerging cloud-native threats, designing scalable detection architectures, and leading complex cloud-focused investigations. Set the technical bar for cloud detection engineering, influence platform and cloud-architecture decisions, and ensure alignment with adversary tradecraft in modern cloud environments. This hybrid position requires 2-3 days per week on-site in Austin, blending collaboration with flexibility.

Why This Role Matters

In today's boundary-less cloud ecosystems, threats evolve rapidly—IAM misconfigurations, serverless abuse, ephemeral compute attacks, and multi-cloud lateral movement demand expert engineering. You'll define technical direction, solve intractable problems, and create durable mechanisms that elevate detection quality and velocity across the cloud ecosystem, directly contributing to CrowdStrike's mission to stop breaches.

Key Responsibilities

Your day-to-day will focus on architecting the future of cloud security:

• Architect, build, and optimize cloud detection pipelines: telemetry ingestion, log processing, alerting, detection-as-code workflows, and automated analysis frameworks.
• Develop advanced detections for cloud-native threats, including IAM misconfigurations, lateral movement across services, runtime/container attacks, serverless abuse, data exfiltration, persistence, and cloud control-plane manipulation.
• Lead cloud threat research: track emergent attacker tradecraft, cloud-native TTPs, managed service abuse, supply-chain risks, ephemeral compute, and multi-cloud surfaces.
• Conduct advanced investigations using cloud logs, control-plane events, network telemetry, and container/runtime signals.
• Collaborate with cloud engineering, platform, and DevOps teams to embed telemetry early—driving instrumentation, log generation, audit events, and detection hooks.
• Recommend enhancements to observability and coverage, backed by gap analysis and adversary insights.
• Influence architecture through data-driven, adversary-focused perspectives and mentor detection engineers on standards, code quality, and methodology.

Qualifications & Requirements

To thrive, you'll bring:

• 8-15+ years in cloud threat detection, security engineering, incident response, threat hunting, or equivalent.
• Strong expertise in AWS and at least one of Azure or GCP; deep knowledge of control-plane events, service logs, runtime/containers, and networks.
• Proven design and delivery of high-fidelity cloud detections at scale, understanding FP/FN trade-offs and detection-as-code.
• Strong engineering: Python, Go, or similar; CI/CD, IaC, cloud automation.
• Leadership in complex cloud investigations, turning findings into durable logic.
• Expert understanding of cloud threat models: identity attacks, misconfigs, lateral movement, exfiltration, service exploitation.
• Ability to influence teams with rationale, evidence, and technical depth.

Bonus Points: Multi-cloud experience at scale, detection testing frameworks, attacker tradecraft knowledge, and strong communication grounded in adversary behavior.

Benefits & Perks

CrowdStrike offers market-leading compensation and equity awards, comprehensive physical and mental health benefits, and a supportive remote-first culture. Enjoy flexibility, autonomy, and perks designed for well-being and growth in a high-trust environment.

Career Growth

At CrowdStrike, career ownership is key. As Principal Engineer, you'll mentor teams, shape strategic initiatives, and grow into leadership roles. Our culture supports limitless passion and innovation, with opportunities to influence the Falcon platform and global cybersecurity.

Why Join CrowdStrike

Join a mission that matters: stopping breaches with cutting-edge AI-native tech. Work on massive scale, collaborate with top talent, and thrive in a hybrid model in vibrant Austin. CrowdStrike's remote-first culture, fanatical customer focus, and commitment to each other make us the place where the future of cybersecurity starts—with you.

Role FAQs

Q: Is this role fully remote? No, it's hybrid requiring 2-3 days/week on-site in Austin, TX.

Q: What clouds are prioritized? AWS primary, plus Azure or GCP.

Q: Experience level? 8-15+ years in cloud security/threat detection.

Q: Tech stack? Python/Go, detection-as-code, CI/CD, IaC.

Q: How does this fit CrowdStrike's mission? Directly advances Falcon platform's cloud protection, stopping breaches in real-time.