CrowdStrike Identity Security Engineer (ITDR/CSPM)

Work from home Full-time role Hiring

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

We are seeking a highly experienced CrowdStrike ITDR / Cloud Security Subject Matter Expert to take full ownership of the Identity Threat Detection & Response (ITDR) and Cloud-Native Application Protection (CNAPP/CSPM) domains on behalf of a large federal agency. This is an ownership-oriented role — not a support function. You will serve as the definitive technical authority for CrowdStrike Falcon Identity Protection and Cloud Security, proactively identifying threats and misconfigurations, leading governance and stakeholder communications, and driving continuous improvements to the agency's identity and cloud security posture.

The right candidate brings 7 or more years of cybersecurity experience, including at least 2–3 years of hands-on CrowdStrike Falcon platform administration, and thrives in environments where autonomy and accountability go hand in hand.

This role is fully remote and follows Central Time business hours for collaborative work. This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency is required. If hired, all work related to this role must be performed within the continental U.S.
Responsibilities:

- Own end-to-end strategy, implementation, and operational health of CrowdStrike Falcon Identity Protection and the CSPM capabilities within CrowdStrike Cloud Security
- Proactively identify identity-based threats, misconfigurations, and cloud security gaps; drive remediation to closure in accordance with client policies and procedures
- Configure, tune, and maintain identity protection policies, IOM and IOA policies, and risk-based authentication controls
- Serve as the escalation point and trusted technical advisor to client leadership on identity and cloud security matters
- Develop runbooks, detection logic, and automation to reduce manual effort and improve response times
- Monitor the threat landscape and translate emerging risks into actionable hardening recommendations
- Coordinate and lead governance calls with stakeholders; produce agenda, notes, and follow-up actions independently
- Partner with other cybersecurity teams to integrate CrowdStrike telemetry into broader security operations
- Produce metrics, dashboards, and executive-level reporting on identity and cloud security posture
- Apply deep knowledge of identity-based attack techniques — including lateral movement, credential theft, Kerberoasting, and pass-the-hash — to inform detection and response strategy

Requirements

Must-Have:

- 7+ years of cybersecurity experience with a minimum of 2–3 years of hands-on administration of the CrowdStrike Falcon platform
- Demonstrated expertise with CrowdStrike Falcon Identity Protection, including policy configuration, threat detection, and conditional access
- Strong working knowledge of CrowdStrike Cloud Security, specifically CSPM
- Deep understanding of identity and access management concepts: Active Directory, Azure AD/Entra ID, LDAP, Kerberos, SAML, and OAuth
- Hands-on cloud security experience with Microsoft Azure including IAM, network security, and posture management
- Solid understanding of privileged access management and identity-based attack techniques (lateral movement, credential theft, Kerberoasting, pass-the-hash)
- Proven ability to work autonomously, set priorities, and drive outcomes without close supervision
- Strong written and verbal communication skills, including ability to explain technical risk to non-technical stakeholders
- Background in consulting or client-facing delivery roles
- Bachelor's degree in a related field or equivalent practical experience (4 additional years of relevant experience)
- At least one of the following active certifications: CWNE, CNDA (EC-Council), CEH (EC-Council), GPPA (GIAC), GCUX (GIAC), GCWN (GIAC), GMON (GIAC), GSE (GIAC), ITIL v3 Foundations, CCSP (ISC2), CISSP (ISC2), CISSP-ISSAP (ISC2), CISSP-ISSEP (ISC2), SSCP (ISC2), GWEB (GIAC), GISF (GIAC), GISP (GIAC), GSSP-.NET (GIAC), GSSP-JAVA (GIAC), GSEC (GIAC), or GSLC (GIAC)
- US Citizenship or Permanent Residency required; must be eligible for and willing to obtain a public trust clearance
- All work must be performed within the continental United States

Preferred / Nice-to-Have:

- CrowdStrike Certified Cyber Security (CCCS) certification
- Experience with Splunk and ServiceNow SOMS
- Familiarity with Zero Trust architecture and frameworks including NIST and MITRE ATT&CK
- Experience integrating CrowdStrike with third-party identity and security tooling
- Previous federal contracting experience

Skill(s)

Technical Skills:

- CrowdStrike Falcon Identity Protection (ITDR) — policy configuration, detection tuning, conditional access
- CrowdStrike Cloud Security / CSPM — IOM and IOA policy management, cloud posture assessment
- Microsoft Azure — IAM, Entra ID, network security, posture management
- Active Directory and Azure Active Directory / Entra ID administration
- Identity and access management protocols: LDAP, Kerberos, SAML, OAuth
- Privileged access management (PAM) concepts and tooling
- Threat detection and identity-based attack technique knowledge (lateral movement, Kerberoasting, pass-the-hash, credential theft)
- Runbook and detection logic development
- Security metrics and executive reporting / dashboard creation
- Automation development for security operations
- Splunk (preferred)
- ServiceNow SOMS (preferred)
- Zero Trust architecture frameworks (NIST, MITRE ATT&CK)

Soft Skills:

- Self-directed initiative — proactively identifies risks and drives solutions without waiting for direction
- Executive-level communication — translates complex technical risk to non-technical stakeholders
- Governance and stakeholder management — owns and leads recurring client governance calls
- Critical thinking and independent judgment
- Continuous improvement mindset
- Accountability — treats the client's security posture as their own
- Written communication — runbooks, reports, recommendations

Benefits

Dragonfli Group offers a comprehensive benefits package that includes:

- Medical — Multiple POS health plan options including an HSA-compatible plan
- Dental — PPO coverage for preventive, basic, and major services
- Vision — Annual exam, frames, lenses, and contact lens allowance
- 401(k) — Employer match up to 5% of eligible compensation
- PTO — 15–25 days annually based on tenure
- Paid Federal Holidays — All 11 federal holidays observed
