Sr. Engineer II, EPICS, NG-SIEM (Hybrid)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed - we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

Our mission is to make all of our customers' security-relevant data continuously available for automated detection and response, threat hunting, and other Falcon platform use cases. To enable this, the systems behind NG-SIEM (next-generation security information and event management) are growing to accommodate >100 PB of event and action data ingested every day, up to 10 years of retention, and dozens of millions of queries per hour across large sections of the data stored, for tens of thousands of customers. As a Senior Engineer II on the newly established NG-SIEM EPICS (End-to-End Performance, Incident-response, Cost, and Scaling) team, you will own the reliability and scalability of the security industry's largest SIEM platform - treating these as software engineering problems rather than purely operational ones.

The NG-SIEM platform comprises many decoupled components interacting across complex pipelines. As we scale, ensuring end-to-end health across ingest, search, and workflow execution requires deep cross-service expertise and coordinated action. You will be the engineer who builds the observability, automation, and scaling systems that keep the entire platform performing - not just individual components. You will join a distributed team of high-ownership technical leaders who share a strong passion for our mission: to stop breaches.

This is a hybrid opportunity, with the expectation to be in our Austin, TX office 2-3x a week.

What You'll Do:

• End-to-end observability: Design, build, and maintain monitoring and synthetic test suites that provide deep visibility into the health of the entire NG-SIEM pipeline - from ingest through search and workflow execution - enabling rapid root cause analysis across component boundaries.
• Coordinated scaling: Engineer orchestrated scaling solutions that treat the NG-SIEM pipeline as a unified system, proportionally increasing resources across all dependent components (Kafka, ingest pipelines, downstream services) to eliminate cascading bottleneck patterns.
• Incident response engineering: Serve as a subject matter expert during platform-wide incidents (P2 and above), applying cross-service knowledge to diagnose and resolve multi-component failures. Partake in follow-the-sun on-call rotations, providing incident commander coordination for critical platform-wide events.
• Capacity planning and cost management: Build and refine models for end-to-end capacity forecasting that account for all pipeline dimensions, including partner team dependencies (data services, GPS). Develop tooling to continuously track and surface cost drivers across the platform.
• Automation and runbooks: Transform manual standard operating procedures into automated remediation workflows - including pipeline-wide scaling responses, CID rebalancing, and infrastructure healing - with the goal of resolving issues before customers are impacted.
• Cross-team collaboration: Partner with cell-level teams, product engineering, GDI/3PI, and external stakeholders (e.g., CSM) to triage SLO breaches, drive problem management for large reliability efforts, and ensure consistent communication during incidents.
• Platform improvements: Use your broad NG-SIEM knowledge to identify and drive systemic improvements across teams, contributing to the platform's long-term resilience and efficiency.

• A passion for reliability engineering and curiosity about how large-scale running systems behave under pressure;
• 10+ years of experience in software engineering, site reliability engineering, or platform engineering, with significant time spent on large-scale distributed systems, and the ability to make pragmatic tradeoffs between short-term delivery needs and long-term platform goals;
• Strong proficiency in at least one systems programming language (Go, Java, Rust, or C++) and one scripting language (Python, Bash);
• Deep experience with end-to-end observability - building monitoring pipelines, defining SLIs/SLOs, and creating dashboards that drive actionable insights across multi-service architectures;
• Demonstrated ability to diagnose and resolve complex incidents spanning multiple distributed components operating 24/7;
• Experience with coordinated capacity planning and scaling for systems with significant infrastructure footprints;
• Hands-on experience with streaming platforms (Kafka or similar) and understanding of back pressure, partition management, and consumer group dynamics at scale;
• Familiarity with infrastructure-as-code, CI/CD pipelines, and automated deployment practices;
• A can-do attitude - you thrive collaborating in a team and are not afraid of taking on responsibilities;
• Strong written and verbal communication skills - you will lead incident communications and produce post-incident analyses that drive lasting improvements;
• Comfort working across time zones with globally distributed teams.

• Experience in a similar reliability or platform engineering role at a hyperscaler (AWS, Azure, GCP) or large-scale SaaS provider;
• Track record of building automated remediation and self-healing infrastructure;
• Experience with cost modeling and unit economics for large compute and storage footprints;
• Familiarity with cloud-native architectures and serverless computing paradigms;
• Hands-on experience operating platforms processing over 1 trillion events per day or more than 10 PB of data per day;
• Exposure to or experience with Log Management, cybersecurity products, or security operations workflows;
• Experience with disaster recovery planning and execution for multi-region systems.

• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe