Senior Identity Protection Specialist in Billingham

Protect identities at a global scale. We're hiring a hands-on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity-based threats across Microsoft Entra ID/Azure AD, on-prem Active Directory, and connected SaaS/IaaS.

What you'll do:

• Lead identity threat monitoring and triage
• Operate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign-ins, MFA fatigue, and session hijacking
• Validate true/false positives, prioritise by business impact, and expedite per playbooks/SLAs
• Drive rapid containment and remediation
• Execute containment actions (disable accounts, revoke sessions/tokens, isolate hosts)
• Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closure
• Own identity-focused incident response; lead IR for credential compromise, privilege escalation, directory persistence, and lateral movement
• Ensure evidence handling, root cause analysis, post-incident reviews, and lessons learned
• Engineer detections and hunt for threats
• Build and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CK
• Close visibility gaps, reduce false positives, and expand privileged activity monitoring
• Strengthen privileged access controls; detect anomalous privileged behaviour via SIEM/UEBA and Netskope telemetry
• Recommend/enforce JIT, break glass patterns, and mover/leaver privilege hygiene with IAM
• Respond to dark web/credential exposure; integrate sources like CyberInt; assess exposure and targeted campaigns
• Orchestrate takedowns, forced resets, token revocation, and Conditional Access updates
• Administer platforms and sustain hygiene; maintain coverage/health for identity monitoring; manage upgrades and changes via CAB
• Keep operational runbooks, SOPs, and playbooks current
• Automate and orchestrate at scale using PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable)
• Shape identity policy and controls; advise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAM
• Report outcomes and support audits; produce executive-ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time)
• Maintain audit-ready evidence and support internal/external audits

What you'll bring:

• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience
• 8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on-prem AD, MFA, Conditional Access, SSO/SCIM)
• Hands-on enterprise experience administering/operating CrowdStrike Identity Protection
• Proficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigations
• Demonstrated experience in identity-centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma)
• Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOAR
• Clear communication and documentation skills; comfortable producing executive-ready reports and audit evidence
• Operates effectively within change control/CAB and under pressure during high severity incidents

Bonus points:

• Certifications: Microsoft SC 200/SC 300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalent
• Deep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow)
• Experience with JIT/JEA, PAM concepts, and global on-call rotations

Location, work style, and travel:

Opportunities in the United States, United Kingdom, and Denmark. Onsite or hybrid depending on location and business needs. Occasional on-call coverage may be required.

Why you'll love it here:

• Own a mission-critical identity defence stack and make measurable impact on MTTD/MTTR and privilege hygiene
• Solve complex problems from dark web exposure to directory persistence and lateral movement
• Collaborate with experienced global teams and leading vendors to continuously raise the bar
• Grow your career in a modern, data-driven security operations environment

Benefits and compensation will be governed by the location where you are based and considered your home site. This is a global position that will support all our FUJIFILM Biotechnologies sites.