Job Description
Protect identities at global scale. We're hiring a hands-on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity-based threats across Microsoft Entra ID/Azure AD, on-prem Active Directory, and connected SaaS/IaaS. You'll serve as the enterprise SME/administrator for CrowdStrike Identity Protection, tune high-fidelity detections, integrate dark web intelligence, and orchestrate automation that measurably reduces MTTD/MTTR and risk.

What you'll do

Lead identity threat monitoring and triage
- Operate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign-ins, MFA fatigue, and session hijacking
- Validate true/false positives, prioritize by business impact, and escalate per playbooks/SLAs

Drive rapid containment and remediation
- Execute containment actions (disable accounts, revoke sessions/tokens, isolate hosts)
- Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closure

Own identity-focused incident response
- Lead IR for credential compromise, privilege escalation, directory persistence, and lateral movement
- Ensure evidence handling, root cause analysis, post-incident reviews, and lessons learned

Engineer detections and hunt for threats
- Build and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CK
- Close visibility gaps, reduce false positives, and expand privileged activity monitoring

Strengthen privileged access controls
- Detect anomalous privileged behavior via SIEM/UEBA and Netskope telemetry
- Recommend/enforce JIT, break-glass patterns, and mover/leaver privilege hygiene with IAM

Respond to dark web/credential exposure
- Integrate sources like CyberInt; assess exposure and targeted campaigns
- Orchestrate takedowns, forced resets, token revocation, and Conditional Access updates

Administer platforms and sustain hygiene
- Maintain coverage/health for identity monitoring; manage upgrades and changes via CAB
- Keep operational runbooks, SOPs, and playbooks current

Automate and orchestrate at scale
- Use PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) to automate enrichment and response, standardize workflows, and improve signal fidelity

Shape identity policy and controls
- Advise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAM

Report outcomes and support audits
- Produce executive-ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time)
- Maintain audit-ready evidence and support internal/external audits

What you'll bring
- Bachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience
- 8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on-prem AD, MFA, Conditional Access, SSO/SCIM)
- Hands-on enterprise experience administering/operating CrowdStrike Identity Protection
- Proficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigations
- Demonstrated experience in identity-centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma)
- Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOAR
- Clear communication and documentation skills; comfortable producing executive-ready reports and audit evidence
- Operates effectively within change control/CAB and under pressure during high-severity incidents

Bonus points
- Certifications: Microsoft SC-200/SC-300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalent
- Deep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow)
- Experience with JIT/JEA, PAM concepts, and global on-call rotations

Location, work style, and travel
- Opportunities in the United States, United Kingdom, and Denmark
- Onsite or hybrid depending on location and business needs
- Occasional on-call coverage may be required

Why you'll love it here
- Own a mission-critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygiene
- Solve complex problems from dark web exposure to directory persistence and lateral movement
- Collaborate with experienced global teams and leading vendors to continuously raise the bar
- Grow your career in a modern, data-driven security operations environment

This is a global position that will support all our FUJIFILM Biotechnologies sites. This position can be based at any of our locations around the globe. Benefits and compensation will be governed by the location that you are based from and considered your home site.

As part of any recruitment process, FUJIFILM Diosynth Biotechnologies collects and processes personal data relating to job applicants. The organization is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations and may share this as part of the global recruitment process with hiring managers in Europe and the United States.

Please, no phone calls or emails to any employee of FUJIFILM about this requisition. All resumes submitted by search firms/employment agencies to any employee at FUJIFILM via email, the internet or in any form and/or method will be deemed the sole property of FUJIFILM, unless such search firms/employment agencies were engaged by FUJIFILM for this requisition and a valid agreement with FUJIFILM is in place. In the event a candidate who was submitted outside of the FUJIFILM agency engagement process is hired, no fee or payment of any kind will be paid.