Security Identity Protection Specialist

Fujifilm, Morrisville, NC
Hybrid

About The Position

Join us to outsmart the world’s most sophisticated identity threats. As a Security Identity Protection Specialist, you’ll be on the front lines safeguarding our global workforce from account takeover, credential abuse, and privilege exploitation across cloud and on‑prem directories. You’ll operate cutting‑edge platforms like CrowdStrike Identity Protection, Splunk, and Netskope, integrate dark web intelligence, and lead identity‑focused incident response that keeps our business secure and resilient.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or related field preferred; equivalent experience considered.
  • 5+ years of IT/cybersecurity experience, with 3+ years focused on identity security/operations (Microsoft Entra ID/Azure AD, on‑prem AD, MFA, Conditional Access, SSO/SCIM).
  • Hands‑on experience with CrowdStrike Identity Protection and SIEM/UEBA (e.g., Splunk) and cloud security platforms (e.g., Netskope).
  • Experience with dark web monitoring and credential exposure remediation (CyberInt or equivalent).
  • Proficiency in incident response, identity threat hunting, and detection engineering; scripting/automation (PowerShell, Python, REST/Graph/CS APIs, SOAR).
  • Strong analytical, communication, and documentation skills; experience supporting audit and evidence requests.

Nice To Haves

  • Security certifications such as Microsoft SC‑200/SC‑300, CISSP, SSCP, CompTIA Security+, GIAC (e.g., GMON/GCIH/GCDA), Okta Certified Administrator/Professional.
  • Deep knowledge of identity attack paths, Kerberos/NTLM, session/token abuse, persistence techniques, and lateral movement.
  • Experience working across global time zones and participating in on‑call rotations.

Responsibilities

  • Operate, administer, and tune CrowdStrike Identity Protection to detect and stop identity threats (e.g., lateral movement, Kerberoasting/NTLM misuse, Golden/Silver Ticket, credential theft).
  • Monitor and triage identity risk events and anomalies across SIEM and identity telemetry (e.g., impossible travel, atypical sign‑ins, MFA fatigue, session hijack); execute rapid containment (disable accounts, revoke sessions, invalidate tokens).
  • Integrate dark web monitoring (CyberInt or equivalent) to identify exposed credentials and targeted campaigns; drive takedowns, credential resets, and layered mitigations.
  • Build and execute incident response playbooks for credential compromise, privilege escalation, directory persistence, and identity‑based lateral movement; document findings and lessons learned.
  • Detect anomalous privileged activity using SIEM/UEBA and Netskope telemetry; apply just‑in‑time and break‑glass patterns with IAM partners.
  • Lead identity threat hunting and detection engineering (KQL/SQL/regex/Sigma) across SIEM/EDR/Identity platforms to close visibility gaps and reduce mean time to detect.
  • Collaborate under our IAM shared responsibility model with Infrastructure and Security to validate mover risk, advise on Conditional Access/MFA exceptions, and mature shared runbooks.
  • Produce metrics, dashboards, and reports on identity threats, response performance, and trends; support audits and evidence collection for identity‑related controls.
  • Automate enrichment and response using PowerShell, Python, and APIs (REST/Graph/CrowdStrike; SOAR) to streamline investigations and orchestrate containment.
  • Participate in readiness testing (tabletop, purple team) and integrate tools (Splunk, Netskope, ticketing, SOAR) to elevate our identity control efficacy.

Benefits

  • robust benefits package including medical, dental, vision and prescription drug coverage with the option of a Health Savings Account with company contributions
  • industry-leading 401(k) savings plan
  • insurance coverage
  • employee assistance programs
  • various wellness incentives
  • paid vacation time
  • sick time
  • company holidays