Senior Manager - Cloud Security Engineer - Kroll

At Kroll , we provide reactive, advisory, transformation, and managed security services to support clients at every stage of their path toward cyber and data resilience maturity. Our experts bring decades of experience in cyber risk consultancy, helping organizations across the world simplify and reduce the complexity of implementing, transforming, and managing their cyber programs. Through our strategic multi-year partnership with CrowdStrike, we combine world-class investigative expertise with an AI-native platform to redefine the future of managed detection and response, delivering faster outcomes, stronger protection, and greater resilience for organizations worldwide.

The Cyber & Data Resilience capability is hiring a Manager or Senior Manager to build and lead Kroll 's CrowdStrike Falcon Cloud Security deployment practice . Falcon Cloud Security is the industry's first unified Cloud-Native Application Protection Platform (CNAPP), spanning CSPM, CWP, CIEM, KSPM, ASPM, DSPM, IaC scanning, and container and Kubernetes runtime protection across AWS, Azure, and Google Cloud — delivered through one sensor and one console, with both agent-based and agentless coverage.

Kroll clients need a partner who can deploy, configure, integrate, and tune Falcon Cloud Security end-to-end inside their Falcon tenant — registering cloud accounts at scale across AWS Organizations, Azure tenants, and GCP projects; rolling out runtime protection across VMs, containers, and Kubernetes; wiring cloud log telemetry into Falcon Next-Gen SIEM for detection engineering; building Fusion SOAR playbooks for cloud-native response; and tuning IOM (Indicators of Misconfiguration) and IOA (Indicators of Attack) policies to maximize signal and minimize noise in each client's cloud estate.

This is a player-coach role . The “Manager” or “Senior Manager” title does not mean hands-off oversight. You will personally lead engagement delivery — onboarding cloud accounts, deploying sensors and admission controllers, configuring CNAPP modules, building detection content, and integrating with the broader Falcon stack — while mentoring junior consultants and partnering with CrowdStrike account teams on scoping.

This role reports into the Engineered Defense / Tech Transformation leadership team and partners closely with Kroll ’s Identity, Next-Gen SIEM, AIDR, and CrowdStrike Services delivery teams.

Deploy

Onboard client AWS, Azure, and GCP environments to Falcon Cloud Security at scale — using AWS CloudFormation StackSets across AWS Organizations, Bicep / Entra ID integrations for Azure tenants and management groups, and service account patterns for GCP projects and folders.

Deploy the Falcon sensor across cloud workloads — EC2 / Azure VMs / GCE instances, container hosts, Kubernetes nodes — and stand up agentless snapshot-based scanning to fill coverage gaps.

Deploy the Kubernetes Admission Controller to enforce pre-runtime