Senior ITDR Analyst

The Senior Identity Threat Detection & Response (ITDR) Analyst will play a critical role in proactively identifying, monitoring, and remediating identity-related risks across Mattel’s enterprise. This position is responsible for analyzing identity and access logs, detecting anomalies, investigating suspicious activities, and ensuring protective controls such as MFA and Zero Trust policies are consistently enforced. 

As senior analysts, they serve as daily owners of ITDR monitoring, ensuring risks are addressed before threat actors can exploit them. Working closely with IAM Engineers, PAM Engineers, and Security Operations, the Sr. ITDR Analyst will strengthen Mattel’s identity defenses by leveraging tools such as CrowdStrike ITP, Okta logging and reporting, Semperis DSP, SIEM platforms, and related monitoring or reporting solutions. 

Objectives of this Role 

• Monitor and analyze identity-related logs and alerts from CrowdStrike ITP, Okta, Semperis DSP, SIEM platforms (Splunk, Sumo Logic, ELK, etc.), and other security tools. 

• Detect, investigate, and respond to suspicious identity events such as anomalous logins, privilege escalations, and MFA bypass attempts. 

• Ensure MFA enforcement across all accounts; identify accounts lacking MFA and take action to remediate or block them. 

• Collaborate with IAM and PAM teams to strengthen access controls, privileged account monitoring, and compliance with Zero Trust standards. 

• Support incident response for identity-related threats, including containment, remediation, and root cause analysis. 

• Contribute to disaster recovery, threat hunting, and risk remediation efforts within identity and access ecosystems. 

• Develop, maintain and improve ITDR IAM\PAM dashboards, reports, and metrics for leadership visibility and audit readiness. 

• Create and maintain runbooks, playbooks, and workflows to ensure operational consistency. 

• Provide escalation support for IAM Engineers and PAM Engineers in identity-related security incidents. 

• Additional duties may be assigned as necessary to meet the ongoing needs of the organization. 

• Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, or security events. 

• 5+ years of experience in cybersecurity or identity security, with 3+ years focused on identity threat detection and response. 

• Hands-on experience monitoring and analyzing events from CrowdStrike ITP, Okta logs/reports, Semperis DSP, and SIEM solutions (Splunk, Sumo Logic) and other tools. 

• Proven ability to detect and remediate identity risks before they escalate into incidents. 

• Expertise in enforcing MFA, Zero Trust, JIT access, passwordless, and privileged monitoring controls. 

• Strong understanding of Active Directory/LDAP, Entra ID (Azure AD), Okta Identity Cloud, and PAM solutions (e.g. CyberArk, Okta OPA, BeyondTrust, Delinea, Cerby). 

• Experience supporting incident management, disaster recovery, and risk remediation in enterprise identity environments. 

• Skilled in analyzing authentication events, account lifecycle anomalies, and privileged account activity. 

• Familiarity with compliance requirements (SOX, PCI, NIST) and ability to produce audit-ready evidence. 

• Strong communication, collaboration, and analytical skills, with ability to work across IAM, PAM, and security operations teams. 

• Experience developing operational dashboards, metrics, and reporting using Security Information and Event Management (SIEM) and other tools (e.g. Grafana, Sumo Logic, CrowdStrike ITP etc.) to track IAM/PAM/ITDR effectiveness and risk. 

• Advanced Microsoft Excel, including pivot tables, formulas, and data analysis. 

• Participate in after-hours rotations or on-call duties to support critical incident response as needed. 

Preferred: 

• Bachelor’s degree in technology or applicable experience. 

• CISSP, CISMP certification, or other security certifications. 

• Okta Certified Administrator, Okta Consultant, or equivalent IAM certification. 

• Experience with risk analysis in other cloud IAM solutions (e.g. AWS Cognito, Azure AD, GCP IAM). 

• Experience in threat hunting and red/blue team collaboration. 

• Knowledge of risk scoring models, behavioral analytics, and identity threat intelligence. 

• Familiarity with Grafana or other visualization tools for threat metrics and dashboards. 

• Proficiency in scripting and automation (PowerShell, VBScript, Python, REST APIs) to enhance detection and response.