
Security Identity Protection Specialist
NCBiotech, Raleigh, NC, United States
Position Overview
Join us to outsmart the world’s most sophisticated identity threats. As a Security Identity Protection Specialist, you’ll be on the front lines safeguarding our global workforce from account takeover, credential abuse, and privilege exploitation across cloud and on‑prem directories. You’ll work with platforms such as CrowdStrike Identity Protection, Splunk, and Netskope, integrate dark web intelligence, and lead identity‑focused incident response to keep our business secure and resilient.
Location: US‑NC‑Research Triangle Park. The position is global; you may work from any FUJIFILM Biotechnologies site. Benefits and compensation are governed by your home site.
Job Description
What you’ll do
Operate, administer, and tune CrowdStrike Identity Protection to detect and stop identity threats (e.g., lateral movement, Kerberoasting/NTLM misuse, Golden/Silver Ticket, credential theft).
Monitor and triage identity risk events and anomalies across SIEM and identity telemetry (e.g., impossible travel, atypical sign‑ins, MFA fatigue, session hijack); execute rapid containment (disable accounts, revoke sessions, invalidate tokens).
Integrate dark web monitoring (CyberInt or equivalent) to identify exposed credentials and targeted campaigns; drive takedowns, credential resets, and layered mitigations.
Build and execute incident response playbooks for credential compromise, privilege escalation, directory persistence, and identity‑based lateral movement; document findings and lessons learned.
Detect anomalous privileged activity using SIEM/UEBA and Netskope telemetry; apply just‑in‑time and break‑glass patterns with IAM partners.
Lead identity threat hunting and detection engineering (KQL/SQL/regex/Sigma) across SIEM/EDR/Identity platforms to close visibility gaps and reduce mean time to detect.
Collaborate under our IAM shared responsibility model with Infrastructure and Security to validate mover risk, advise on Conditional Access/MFA exceptions, and mature shared runbooks.
Produce metrics, dashboards, and reports on identity threats, response performance, and trends; support audits and evidence collection for identity‑related controls.
Automate enrichment and response using PowerShell, Python, and APIs (REST/Graph/CrowdStrike; SOAR) to streamline investigations and orchestrate containment.
Participate in readiness testing (tabletop, purple team) and integrate tools (Splunk, Netskope, ticketing, SOAR) to elevate our identity control efficacy.
Minimum qualifications
Education:
Bachelor’s degree in Information Security, Computer Science, or related field preferred; equivalent experience considered.
Experience:
5+ years of IT/cybersecurity experience with at least 3+ years focused on identity security/operations (Microsoft Entra ID/Azure AD, on‑prem AD, MFA, Conditional Access, SSO/SCIM).
Hands‑on experience with CrowdStrike Identity Protection and SIEM/UEBA (e.g., Splunk) and cloud security platforms (e.g., Netskope).
Experience with dark web monitoring and credential exposure remediation (CyberInt or equivalent).
Proficiency in incident response, identity threat hunting, and detection engineering; scripting/automation (PowerShell, Python, REST/Graph/CS APIs, SOAR).
Strong analytical, communication, and documentation skills; experience supporting audit and evidence requests.
Preferred qualifications
Security certifications such as Microsoft SC‑200/SC‑300, CISSP, SSCP, CompTIA Security+, GIAC (e.g., GMON/GCIH/GCDA), Okta Certified Administrator/Professional.
Deep knowledge of identity attack paths, Kerberos/NTLM, session/token abuse, persistence techniques, and lateral movement.
Experience working across global time zones and participating in on‑call rotations.
What’s in it for you
High‑impact mission: Protect our people, data, and operations from the fastest‑growing threat vector—identity.
Leading‑edge tooling: Work hands‑on with CrowdStrike, Splunk, Netskope, SOAR, and dark web intelligence at enterprise scale.
Growth and visibility: Shape detection strategy, influence identity policy, and collaborate with leaders across Security, Infrastructure, and IAM.
Flexibility: Hybrid/remote work with occasional onsite collaboration at company locations.
Global teamwork: Partner with experts across regions, time zones, and disciplines.
Benefits
We offer a robust benefits package including medical, dental, vision, and prescription drug coverage with an option for a Health Savings Account (company contributions). Additional benefits include a leading 401(k) plan, insurance coverage, employee assistance programs, wellness incentives, paid vacation and sick time, and company holidays.
EEO Information
Fujifilm is committed to providing equal opportunities in hiring, promotion and advancement, compensation, benefits, and training regardless of nationality, age, gender, sexual orientation or gender identity, race, ethnicity, religion, political creed, ideology, national or social origin, disability, veteran status, etc.
ADA Information
If you require reasonable accommodation in completing this application, interviewing, completing any pre‑employment testing, or otherwise participating in the employee selection process, please direct your inquiries to our HR Department (fdbglobaltalent@fujifilm.com).