About the Role
The Security Engineer – Endpoint & Identity Threat Protection (EDR / ITP) is responsible for implementing, maintaining, and optimizing advanced endpoint detection and identity threat protection capabilities across Mattel’s global environment. This mid-level role focuses on enhancing detection accuracy, improving response efficiency, and strengthening the organization’s overall cyber defense posture. The engineer will work closely with cross-functional teams to ensure endpoint and identity protection tools are effectively integrated, monitored, and tuned to safeguard enterprise systems and data from emerging threats.
Roles and Responsibilities
Deploy, manage, and optimize Endpoint Detection and Response (EDR) and Identity Threat Protection (ITP) platforms across Mattel’s enterprise.
Develop and fine-tune behavioral analytics, detection logic, and response rules to identify and mitigate malicious activity targeting endpoints and identities.
Collaborate with Security Operations and Incident Response teams to investigate, contain, and remediate threats in a timely and coordinated manner.
Integrate EDR and ITP technologies with SIEM, SOAR, and other enterprise systems to enhance threat detection, visibility, and automation.
Contribute to the design and implementation of endpoint and identity threat protection controls aligned with Mattel’s cybersecurity strategy.
Partner with IT, Infrastructure, and Security Architecture teams to support endpoint hardening, secure configuration management, and policy enforcement.
Ensure compliance of endpoint and identity controls with internal security standards and external regulatory requirements.
Perform ongoing analysis of endpoint telemetry, identity logs, and behavioral data to identify patterns and optimize detection efficacy.
Collaborate with engineering teams to improve agent performance, health, and interoperability across platforms and systems.
Maintain and update operational documentation, playbooks, and standard procedures for endpoint and identity threat protection workflows.
Participate in post-incident reviews to identify root causes, improve detection coverage, and strengthen response processes.
Evaluate and recommend emerging endpoint and identity protection tools, techniques, and automation strategies to enhance defense capabilities.
Skills and Qualifications
Required:
3–5+ years of experience in cybersecurity engineering, focusing on endpoint and identity threat protection solutions.
Hands-on experience managing enterprise-grade EDR and ITP platforms such as CrowdStrike, SentinelOne, Defender for Endpoint, or similar.
Proficiency in detection engineering — developing custom detection logic, correlation rules, and behavioral analytics for endpoint and identity-based threats.
Strong understanding of endpoint operating systems (Windows, macOS, Linux) and common adversary tactics including privilege escalation and lateral movement.
Experience integrating endpoint and identity controls with SIEM, SOAR, and automation workflows to improve operational efficiency.
Knowledge of identity and access management frameworks such as Azure AD, Okta, SSO, and MFA.
Experience performing threat analysis using IOC/IOA data, event correlation, and telemetry investigation.
Proficiency in scripting or automation (Python, PowerShell, or equivalent) for detection tuning, enrichment, or response orchestration.
Solid understanding of endpoint policy management, application allowlisting, device control, and system hardening best practices.
Excellent analytical and communication skills with the ability to collaborate effectively across technical and non-technical teams.
Preferred:
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
Certifications such as ISC2 CC, GIAC GSEC, GCED, GCIA, or CompTIA CySA+.
Experience with hybrid endpoint environments spanning on-premises, cloud, and virtual infrastructure (AWS, Azure, GCP).
Familiarity with the MITRE ATT&CK framework for mapping detections and validating coverage.
Hands-on experience with SOAR or automation frameworks to streamline response processes.
Experience contributing to detection and response process improvement initiatives in global enterprises.
Shift Timings:
This position operates during 10:00 – 18:00 PST (22:30 – 06:30 IST), Monday through Friday, with emergency on-call duties as required.