At Kroll, we provide reactive, advisory, transformation, and managed security services to support clients at every stage of their path toward cyber and data resilience maturity. Our experts bring decades of experience in cyber risk consultancy, helping organizations across the world simplify and reduce the complexity of implementing, transforming, and managing their cyber programs. Through our strategic multi-year partnership with CrowdStrike, we combine world-class investigative expertise with an AI-native platform to redefine the future of managed detection and response, delivering faster outcomes, stronger protection, and greater resilience for organizations worldwide.
Our Cyber & Data Resilience capability is hiring a Manager or Senior Manager to build and lead Kroll's CrowdStrike Falcon Identity Security consulting practice. With the launch of Falcon Next-Gen Identity Security, CrowdStrike unified initial access prevention, modern PAM, ITDR, SaaS identity security, and agentic (AI agent) identity protection into a single sensor and console. Kroll clients need a consulting partner who can assess their current identity posture, architect the right Falcon Identity target state, implement it across hybrid AD / Entra ID / Okta / SaaS environments, advise their leadership on the journey, and build the customizations — detections, automations, workflows, integrations — that make the platform sing for each client.
This is a player-coach role. The “Manager” or “Senior Manager” title does not mean hands-off oversight. You will personally lead engagement delivery — running assessments, drawing the architecture, configuring the platform, and writing the custom content — while mentoring junior consultants and partnering with CrowdStrike account teams on scoping and pre-sales.
This role reports into the Engineered Defense / Tech Transformation leadership team and partners closely with Kroll’s Cybersecurity Transformation, Managed Services, and CrowdStrike Services portfolios.
Assess
Lead identity security current-state assessments across hybrid environments — Active Directory, Entra ID, Okta, federated SaaS — quantifying exposure from stale accounts, shadow admins, weak/duplicate credentials, unconstrained delegation, ADCS misconfiguration, overprovisioned non-human identities, and risky conditional access gaps.
Run Falcon Identity hygiene assessments to baseline client posture, prioritize findings by business risk, and produce executive-ready remediation roadmaps tied to Zero Trust and NIST/CIS reference frameworks.
Evaluate existing IAM, PAM, and MFA tooling against Falcon Next-Gen Identity Security capabilities to inform consolidation, replacement, or coexistence strategies.
Architect
Design end-to-end architectures for Falcon Identity Protection deployments — sensor placement, domain controller coverage, identity risk scoring, conditional access policy, and integration with Entra ID, Okta, and SaaS identity providers.
Architect Falcon Privileged Access rollouts to eliminate standing privileges and enable just-in-time access across Entra ID, on-prem AD, and local systems, with intuitive role-based labels and Microsoft Teams / Falcon Fusion SOAR integration.
Design FalconID phishing-resistant MFA rollouts (FIDO2, Falcon for Mobile), including device enrollment strategy, proximity-based authentication, and risk-aware policy tied to telemetry from across the Falcon platform.
Define integration patterns for Falcon Identity telemetry into Falcon Next-Gen SIEM (LogScale) and identity-driven case management workflows.
Produce target-state reference architectures, sequencing plans, and migration runbooks tailored to client maturity, scale, and regulatory profile.
Implement
Personally configure and deploy Falcon Identity Protection, Falcon Privileged Access, and FalconID in client environments — including sensor rollout, policy tuning, conditional access enforcement, MFA enrollment, and JIT/PAM workflow buildout.
Operationalize identity-driven case management inside Falcon Next-Gen SIEM, including cross-domain enrichment from endpoint, cloud, and SaaS telemetry.
Stand up automation through Falcon Fusion SOAR for identity response actions (auto-MFA, JIT revocation, session termination, password reset, account containment).
Support cutover from legacy IAM/PAM/MFA tooling with rollback plans, parallel-run validation, and end-user adoption playbooks.
Advise
Serve as trusted advisor to CISOs, Identity Architects, IAM leaders, and Boards on identity strategy, Zero Trust roadmap, and the transition to AI-era identity security (human, non-human, and AI agent identities).
Translate technical identity posture into business risk language and prioritized investment recommendations.
Partner with CrowdStrike account teams on identity-focused pre-sales scoping, solution design, proposal development, and joint go-to-market motions.
Customize and Build
Develop custom CQL content, identity-focused detections, and Fusion SOAR playbooks reusable across Kroll engagements.
Build custom Charlotte AI prompts and agentic workflows for identity use cases (risk triage, access reviews, executive risk reporting).
Integrate Falcon Identity with HRIS / ITSM / governance platforms to automate joiner/mover/leaver, access certification, and access request workflows.
Build assessment templates, deployment runbooks, design patterns, and delivery enablement that scale the practice and accelerate every subsequent engagement.
Build the Practice
Mentor consultants and senior consultants delivering identity work.
Contribute to Kroll’s published thought leadership on identity security, AI agent governance, and hybrid identity modernization.
Hiring Requirements
5+ years (Manager) or 7+ years (Senior Manager) of hands-on experience across identity security, IAM, PAM, or MFA — with meaningful operational ownership of Active Directory, Entra ID, Okta, or equivalent identity platforms in enterprise environments.
Hands-on experience with the CrowdStrike Falcon platform, including Falcon Identity Protection. Working knowledge of Falcon Insight (EDR) and Falcon Next-Gen SIEM / LogScale is required.
Demonstrated experience assessing, architecting, and implementing identity solutions in hybrid environments — not just operating them.
Strong working knowledge of identity protocols and standards: SAML, OIDC, OAuth 2.0, SCIM, FIDO2/WebAuthn, Kerberos, LDAP.
Experience designing or deploying modern PAM (CyberArk, BeyondTrust, Delinea, Falcon Privileged Access, or equivalent) and MFA solutions (FIDO2, Duo, Okta Verify, Microsoft Authenticator, YubiKey).
Working understanding of the identity attack surface Falcon Identity defends against (Kerberoasting, AS-REP roasting, DCSync, NTLM relay, ADCS abuse, OAuth/token abuse, AiTM phishing, MFA fatigue) so architecture and detection decisions are grounded in attacker reality.
Hands-on scripting and query proficiency: PowerShell, Python, CQL (CrowdStrike Query Language); KQL a plus.
Prior consulting delivery experience — scoping, leading, and personally executing engagements for external clients.
Demonstrated ability to brief CISOs, Identity Architects, and executive stakeholders in business terms.
Bachelor’s degree in a relevant field or equivalent professional experience.
A note on experience: The years of experience above are guidelines, not gates. We will strongly consider candidates with fewer years who bring CCIS certification plus demonstrable hands-on Falcon Identity Protection deployment experience. Skill and certification can offset tenure.
Preferred Qualifications
CrowdStrike Certified Identity Specialist (CCIS) certification — strongly preferred.
Additional CrowdStrike credentials: CCFA, CCFR, CCSA, CCSE, CCCS.
Identity-focused industry certifications: Microsoft SC-300, Okta Certified Professional/Administrator/Consultant, SailPoint IdentityIQ/IdentityNow, CyberArk CDE/Sentry/Guardian, CISSP.
Experience with Charlotte AI agentic workflows and Falcon Fusion SOAR automation for identity use cases.
Experience designing non-human and AI agent identity governance — service account hardening, secret-less authentication, AI agent privilege scoping, shadow AI discovery.
Experience deploying or migrating to identity-driven case management in Falcon Next-Gen SIEM with cross-domain correlation across identity, endpoint, cloud, and SaaS.
Prior tier-1 consulting experience (Big 4, CrowdStrike Services, Mandiant, Unit 42, or equivalent).
Speaking or writing on identity security (Fal.Con, Gartner IAM Summit, Identiverse, RSA, FS-ISAC).
Experience supporting M&A identity due diligence or post-acquisition tenant consolidation.
Your recruiter will be happy to walk you through your U.S.-specific benefits, which include:
Healthcare Coverage: Comprehensive medical, dental, and vision plans.
Time Off and Leave Policies: Generous paid time off (PTO), paid company holidays, generous parental and family leave.
Protective Insurances: Life insurance, short- and long-term disability coverage, and accident protection.
Compensation and Rewards: Competitive salary structures, performance-based incentives, and merit-based compensation reviews.
Retirement Plans: 401(k) plans with company matching.
Please note that benefits may vary by region, department and role. We encourage you to speak with your recruiter to learn more about the specific benefits available for your position.
About Kroll
Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.
In order to be considered for a position, you must formally apply via careers.kroll.com.
We are proud to be an equal opportunity employer and will consider all qualified applicants regardless of gender, gender identity, race, religion, color, nationality, ethnic origin, sexual orientation, marital status, veteran status, age or disability.
The current salary range for this position is $150,000 to $200,000.