Senior Manager – CrowdStrike Identity Architect

Job Description

Company: Kroll

Location: New York, US

At Kroll, we provide reactive, advisory, transformation, and managed security services to support clients at every stage of their path toward cyber and data resilience maturity. Our experts bring decades of experience in cyber risk consultancy, helping organizations across the world simplify and reduce the complexity of implementing, transforming, and managing their cyber programs. Through our strategic multi-year partnership with CrowdStrike, we combine world-class investigative expertise with an AI-native platform to redefine the future of managed detection and response, delivering faster outcomes, stronger protection, and greater resilience for organizations worldwide.

Our Cyber & Data Resilience capability is hiring a Manager or Senior Manager to build and lead Kroll’s CrowdStrike Falcon Identity Security consulting practice. With the launch of Falcon Next-Gen Identity Security, CrowdStrike unified initial access prevention, modern PAM, ITDR, SaaS identity security, and agentic (AI agent) identity protection into a single sensor and console. Kroll clients need a consulting partner who can assess their current identity posture, architect the right Falcon Identity target state, implement it across hybrid AD / Entra ID / Okta / SaaS environments, advise their leadership on the journey, and build the customizations — detections, automations, workflows, integrations — that make the platform sing for each client.

This is a player-coach role. The “Manager” or “Senior Manager” title does not mean hands-off oversight. You will personally lead engagement delivery — running assessments, drawing the architecture, configuring the platform, and writing the custom content — while mentoring junior consultants and partnering with CrowdStrike account teams on scoping and pre-sales.

This role reports into the Engineered Defense / Tech Transformation leadership team and partners closely with Kroll’s Cybersecurity Transformation, Managed Services, and CrowdStrike Services portfolios.

ASSESS

Lead identity security current-state assessments across hybrid environments — Active Directory, Entra ID, Okta, federated SaaS — quantifying exposure from stale accounts, shadow admins, weak/duplicate credentials, unconstrained delegation, ADCS misconfiguration, overprovisioned non-human identities, and risky conditional access gaps.

Run Falcon Identity hygiene assessments to baseline client posture, prioritize findings by business risk, and produce executive-ready remediation roadmaps tied to Zero Trust and NIST/CIS reference frameworks.

Evaluate existing IAM, PAM, and MFA tooling against Falcon Next-Gen Identity Security capabilities to inform consolidation, replacement, or coexistence strategies.

ARCHITECT

Design end-to-end architectures for Falcon Identity Protection deployments — sensor placement, domain controller coverage, identity risk scoring, conditional access policy, and integration with Entra ID, Okta, and SaaS identity providers.

Architect Falcon Privileged Access rollouts to eliminate standing privileges and enable just-in-time access across Entra ID, on-prem AD, and local systems, with intuitive role-based labels and Microsoft Teams / Falcon Fusion SOAR integration.

Design FalconID phishing-resistant MFA rollouts (FIDO2, Falcon for Mobile), including device enrollment strategy, proximity-based authentication, and risk-aware policy tied to telemetry from across the Falcon platform.

Define integration patterns for Falcon Identity telemetry into Falcon Next-Gen SIEM (LogScale) and identity-driven case management workflows.

Produce target-state reference architectures, sequencing plans, and migration runbooks tailored to client maturity, scale, and regulatory profile.

IMPLEMENT

Personally configure and deploy Falcon Identity Protection, Falcon Privileged Access, and FalconID in client environments — including sensor rollout, policy tuning, conditional access enforcement, MFA enrollment, and JIT/PAM workflow buildout.

Operationalize identity-driven case management inside Falcon Next-Gen SIEM, including cross-domain enrichment from endpoint, cloud, and SaaS telemetry.

Stand up automation through Falcon Fusion SOAR for identity response actions (auto-MFA, JIT revocation, session termination, password reset, account containment).

Support cutover from legacy IAM/PAM/MFA tooling with rollback plans, parallel-run validation, and end-user adoption playbooks.

ADVISE

Serve as trusted advisor to CISOs, Identity Architects, IAM leaders, and Boards on identity strategy, Zero Trust roadmap, and the transition to AI-era identity security (human, non-human, and AI agent identities).

Translate technical identity posture into business risk language and prioritized investment recommendations.

Partn

Source: BeBee