The Senior Identity Threat Detection & Response (ITDR) Analyst will play a critical role in proactively identifying, monitoring, and remediating identity-related risks across Mattel's enterprise. This position is responsible for analyzing identity and access logs, detecting anomalies, investigating suspicious activities, and ensuring protective controls such as MFA and Zero Trust policies are consistently enforced.
As a senior analyst, the Sr. ITDR Analyst serves as the daily owner of ITDR monitoring, ensuring risks are addressed before threat actors can exploit them. Working closely with IAM Engineers, PAM Engineers, and Security Operations, the Sr. ITDR Analyst will strengthen Mattel's identity defenses by leveraging tools such as CrowdStrike ITP, Okta logging and reporting, Semperis DSP, SIEM platforms, and related monitoring or reporting solutions.
Objectives of this Role
Monitor and analyze identity-related logs and alerts from CrowdStrike ITP, Okta, Semperis DSP, SIEM platforms (Splunk, Sumo Logic, ELK, etc.), and other security tools.
Detect, investigate, and respond to suspicious identity events such as anomalous logins, privilege escalations, and MFA bypass attempts.
Ensure MFA enforcement across all accounts; identify accounts lacking MFA and take action to remediate or block them.
Collaborate with IAM and PAM teams to strengthen access controls, privileged account monitoring, and compliance with Zero Trust standards.
Support incident response for identity-related threats, including containment, remediation, and root cause analysis.
Contribute to disaster recovery, threat hunting, and risk remediation efforts within identity and access ecosystems.
Develop, maintain, and improve ITDR IAM/PAM dashboards, reports, and metrics for leadership visibility and audit readiness.
Create and maintain runbooks, playbooks, and workflows to ensure operational consistency.
Provide escalation support for IAM Engineers and PAM Engineers in identity-related security incidents.
Additional duties may be assigned as necessary to meet the ongoing needs of the organization.
Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, or security events.