-
Lead identity threat monitoring and triage
-
Operate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign‑ins, MFA fatigue, and session hijacking
-
Validate true/false positives, prioritize by business impact, and escalate per playbooks/SLAs
-
Drive rapid containment and remediation
-
Execute containment actions (disable accounts, revoke sessions/tokens, isolate hosts)
-
Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closure
-
Own identity-focused incident response
-
Lead IR for credential compromise, privilege escalation, directory persistence, and lateral movement
-
Ensure evidence handling, root cause analysis, post‑incident reviews, and lessons learned
-
Engineer detections and hunt for threats
-
Build and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CK
-
Close visibility gaps, reduce false positives, and expand privileged activity monitoring
-
Strengthen privileged access controls
-
Detect anomalous privileged behavior via SIEM/UEBA and Netskope telemetry
-
Recommend/enforce JIT, break‑glass patterns, and mover/leaver privilege hygiene with IAM
-
Respond to dark web/credential exposure
-
Integrate sources like CyberInt; assess exposure and targeted campaigns
-
Orchestrate takedowns, forced resets, token revocation, and Conditional Access updates
-
Administer platforms and sustain hygiene
-
Maintain coverage/health for identity monitoring; manage upgrades and changes via CAB
-
Keep operational runbooks, SOPs, and playbooks current
-
Automate and orchestrate at scale
-
Use PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) to automate enrichment and response, standardize workflows, and improve signal fidelity
-
Shape identity policy and controls
-
Advise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared‑responsibility model with IAM
-
Report outcomes and support audits
-
Produce executive-ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time)
-
Maintain audit-ready evidence and support internal/external audits
-
Bachelor’s degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience
-
8+ years in IT/cybersecurity, including 3–5+ years focused on identity security/operations (Entra ID/Azure AD, on‑prem AD, MFA, Conditional Access, SSO/SCIM)
-
Hands-on enterprise experience administering/operating CrowdStrike Identity Protection
-
Proficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigations
-
Demonstrated experience in identity‑centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma)
-
Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOAR
-
Clear communication and documentation skills; comfortable producing executive‑ready reports and audit evidence
-
Operates effectively within change control/CAB and under pressure during high‑severity incidents
-
Certifications: Microsoft SC‑200/SC‑300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalent
-
Deep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow)
-
Experience with JIT/JEA, PAM concepts, and global on‑call rotations
-
Opportunities in the United States, United Kingdom, and Denmark
-
Onsite or hybrid depending on location and business needs
-
Occasional on‑call coverage may be required
-
Own a mission‑critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygiene
-
Solve complex problems from dark web exposure to directory persistence and lateral movement
-
Collaborate with experienced global teams and leading vendors to continuously raise the bar
-
Grow your career in a modern, data‑driven security operations environment
Our programs are designed to focus on maintaining and enhancing all pillars of health with a robust benefitspackage including medical, dental, vision and prescription drug coverage with the option of a Health SavingsAccount with company contributions. In addition, we offer an industry leading 401(k)savings plan, insurancecoverage, employee assistance programs and various wellness incentives. We support life-work balancewith paid vacation time, sick time, and company holidays. Explore a supportive environment that enrichesboth your personal and professional growth!
This is a global position that will support all our FUJIFILM Biotechnologies sites. This position can be based at any ofour locations around the globe. Benefits and compensation will be governed by the location that you are based from andconsidered your home site.
As part of any recruitment process, FUJIFILM Diosynth Biotechnologies collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations and may share this as part of the global recruitment process with hiring managers in Europe and the United States.
Please, no phone calls or emails to any employee of FUJIFILM about this requisition. Allresumes submitted by search firms/employment agencies to any employee at FUJIFILM via-email, theinternet or in any form and/or method will be deemed the sole property of FUJIFILM, unless such searchfirms/employment agencies were engaged by FUJIFILM for this requisition and a valid agreement withFUJIFILM is in place. In the event a candidate who was submitted outside of the FUJIFILM agencyengagement process is hired, no fee or payment of any kind will be paid.
