Endpoint Security Lead - CrowdStrike
Job in Houston, Harris County, Texas, 77020, USA
Listed on 2026-01-06
Listing for: American International Group
Full Time position
Job specializations: IT/Tech; Cybersecurity, Systems Engineer
Job Description & How to Apply Below
Innovation in IT drives innovation across the organization

How you will create an impact

The CrowdStrike Endpoint Security Lead will be part of AIG's Enterprise Information Security Organization, responsible for overseeing the deployment, configuration, administration, and ongoing optimization of the CrowdStrike Falcon platform across the enterprise. This role ensures the organization's endpoints remain protected against advanced threats by leveraging CrowdStrike's full suite of capabilities, including NGAV, EDR, Identity Protection, Exposure Management, CrowdStrike Mobile, and threat hunting.

The ideal candidate has hands-on expertise with endpoint security technologies, strong analytical skills, and proven experience leading enterprise-scale security initiatives. The candidate must have extensive experience securing enterprise-level cloud services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), across multiple cloud providers, including AWS and Microsoft Azure (Azure). The individual in this position will lead as a subject matter expert (SME), working in a team of engineers and interacting closely with other IT groups such as Security Architecture, Infrastructure Build and Operations teams, and GCDC SOC analysts to research and remediate security vulnerabilities, controls, and settings.

The CrowdStrike Endpoint Security Lead is primarily responsible for, but not limited to, the following functions:

Platform Ownership & Administration
* Manage endpoint agent deployment, policy configurations, sensor health, and reporting.
* Work with stakeholders to test, maintain, and enforce the security prevention policies and procedures of the CrowdStrike Falcon platform.
* Lead endpoint protection posture improvements, including policy tuning and prevention rule updates.
* Ensure sensor coverage and compliance across workstations, servers, and cloud workloads.

Threat Detection & Response
* Monitor and triage CrowdStrike alerts, detections, and dashboards.
* Work with SOC and Incident Response teams to investigate and remediate endpoint threats.
* Leverage Falcon Insight and Real Time Response to contain, isolate, and eradicate threats.
* Perform post-incident analysis and implement preventative measures.

Identity Protection
* Manage CrowdStrike Identity Protection/ITDR modules and integrations.
* Support MFA, conditional access, and endpoint identity controls.

Integration & Engineering
* Integrate CrowdStrike with SIEM, SOAR, vulnerability management tools, and other security platforms.
* Lead CrowdStrike version upgrades, module rollouts, and configuration changes.
* Develop automation and workflows using APIs, scripts, and reporting tools.

Governance, Reporting & Compliance
* Produce executive-level and operational security reports, including the monthly true-up process indicating CrowdStrike coverage globally.
* Ensure endpoint security posture aligns with frameworks (NIST, CIS, ISO, etc.).
* Support internal/external audits and regulatory compliance requirements.

Team Leadership & Collaboration
* Provide technical direction to junior security analysts and engineers.
* Work closely with IT, Infrastructure, and Desktop teams on deployment strategy.
* Liaise with CrowdStrike support, TAMs, and product teams when necessary.

What you'll need to succeed
* Bachelor's degree in computer science or other technical disciplines or equivalent relevant experience.
* 10+ years in an IT Security Engineering or Operations role with a focus on Endpoint Security Management tools.
* Expert level knowledge in the CrowdStrike Falcon platform:
  * CrowdStrike DLP
  * Next Generation SIEM
  * Exposure Management
  * Fusion SOAR
  * Investigate
  * LogScale
  * Host setup and management
  * API Configuration
  * Identity Protection
* Intermediate level knowledge is highly desired for the platforms below:
  * Tanium
  * Microsoft Defender DLP for Endpoint
  * Lookout for Mobile
  * Azure WVD / Citrix
  * Ansible
* Knowledge of cyber security practices, challenges, tools and techniques
* Recent and relevant experience in vulnerability analysis and exploitation techniques.
* Troubleshoot issues within the product when necessary, assisting different teams, crash dumps, performance monitor and release blockers.
* In depth knowledge of Critical Security Controls like NIST, CIS Benchmarks, DISA STIG standards etc.
* Familiarity with International Security standards and Industry framework…