Sr. Security Engineer - Insider threat DAP

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire fans, entertain audiences and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

The Team:

Objectives of this Role 

• Monitor and analyze identity-related logs and alerts from CrowdStrike ITP, Okta, Semperis DSP, SIEM platforms (Splunk, Sumo Logic, ELK, etc.), and other security tools. 

• Detect, investigate, and respond to suspicious identity events such as anomalous logins, privilege escalations, and MFA bypass attempts. 

• Ensure MFA enforcement across all accounts; identify accounts lacking MFA and take action to remediate or block them. 

• Collaborate with IAM and PAM teams to strengthen access controls, privileged account monitoring, and compliance with Zero Trust standards. 

• Support incident response for identity-related threats, including containment, remediation, and root cause analysis. 

• Contribute to disaster recovery, threat hunting, and risk remediation efforts within identity and access ecosystems. 

• Develop, maintain and improve ITDR IAM\PAM dashboards, reports, and metrics for leadership visibility and audit readiness. 

• Create and maintain runbooks, playbooks, and workflows to ensure operational consistency. 

• Provide escalation support for IAM Engineers and PAM Engineers in identity-related security incidents. 

• Additional duties may be assigned as necessary to meet the ongoing needs of the organization. 

• Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, or security events. 

Skills and Qualifications 

Required: 

• 5+ years of experience in cybersecurity or identity security, with 3+ years focused on identity threat detection and response. 

• Hands-on experience monitoring and analyzing events from CrowdStrike ITP, Okta logs/reports, Semperis DSP, and SIEM solutions (Splunk, Sumo Logic) and other tools. 

• Proven ability to detect and remediate identity risks before they escalate into incidents. 

• Expertise in enforcing MFA, Zero Trust, JIT access, passwordless, and privileged monitoring controls. 

• Strong understanding of Active Directory/LDAP, Entra ID (Azure AD), Okta Identity Cloud, and PAM solutions (e.g. CyberArk, Okta OPA, BeyondTrust, Delinea, Cerby). 

• Experience supporting incident management, disaster recovery, and risk remediation in enterprise identity environments. 

• Skilled in analyzing authentication events, account lifecycle anomalies, and privileged account activity. 

• Familiarity with compliance requirements (SOX, PCI, NIST) and ability to produce audit-ready evidence. 

• Strong communication, collaboration, and analytical skills, with ability to work across IAM, PAM, and security operations teams. 

• Experience developing operational dashboards, metrics, and reporting using Security Information and Event Management (SIEM) and other tools (e.g. Grafana, Sumo Logic, CrowdStrike ITP etc.) to track IAM/PAM/ITDR effectiveness and risk. 

• Advanced Microsoft Excel, including pivot tables, formulas, and data analysis. 

• Participate in after-hours rotations or on-call duties to support critical incident response as needed. 

Preferred: 

• Bachelor’s degree in technology or applicable experience. 

• CISSP, CISMP certification, or other security certifications. 

• Okta Certified Administrator, Okta Consultant, or equivalent IAM certification. 

• Experience with risk analysis in other cloud IAM solutions (e.g. AWS Cognito, Azure AD, GCP IAM). 

• Experience in threat hunting and red/blue team collaboration. 

• Knowledge of risk scoring models, behavioral analytics, and identity threat intelligence. 

• Familiarity with Grafana or other visualization tools for threat metrics and dashboards. 

• Proficiency in scripting and automation (PowerShell, VBScript, Python, REST APIs) to enhance detection and response. 

**Skills and Qualifications**

**Required:**

• 5–7+ years of experience in security engineering, data protection, or insider threat operations within enterprise environments.
• Hands-on experience implementing and managing DLP and insider threat monitoring platforms (endpoint, email, network, and cloud-based).
• Deep understanding of data classification, handling, and access control models across enterprise ecosystems.
• Experience analyzing user activity and data movement to detect anomalous or risky behavior.
• Proficiency in integrating DLP and insider threat technologies with SIEM, SOAR, and cloud platforms for enhanced visibility and automation.
• Experience in policy tuning, rule creation, and reducing false positives within DLP and insider threat systems.
• Familiarity with scripting and automation (Python, PowerShell, or equivalent) for policy management and workflow optimization.
• Working knowledge of privacy and regulatory frameworks including GDPR, CCPA, and ISO 27001.
• Excellent analytical, investigative, and communication skills, with the ability to collaborate across global, cross-functional teams.

**Preferred:**

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent practical experience).
• Certifications such as GCITP, CCITP, CDPSE, or equivalent credentials in data protection or insider threat management.
• Experience with insider threat frameworks, behavioral analytics tools, and forensic investigations related to data exfiltration or intellectual property protection.
• Familiarity with CASB, DLP-as-a-Service, cloud security solutions (Microsoft 365, Google Workspace), and the MITRE ATT&CK framework.

**Shift Timing:**

10:00 – 18:00 PST (22:30 – 06:30 IST), Monday through Friday, with emergency on-call responsibilities as required.

Don’t meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.

How We Work:
We are a purpose driven company aiming to empower generations to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance-driven company. We strive for excellence and are focused on pursuing best-in-class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Our Approach to Flexible Work:
We embrace a flexible work model designed to empower a culture of growth, optimism, and wellbeing, where every employee can reach their full potential. Combining purposeful in-person collaboration with flexibility, our focus is to optimize performance and drive connection for moments that matter.

Who We Are:
Mattel is a leading global toy and family entertainment company and owner of one of the most iconic brand portfolios in the world. We engage consumers and fans through our franchise brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO, Masters of the Universe, Matchbox, Monster High, MEGA and Polly Pocket, as well as other popular properties that we own or license in partnership with global entertainment companies. Our offerings include toys, content, consumer products, digital and live experiences. Our products are sold in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering generations to explore the wonder of childhood and reach their full potential.

Mattel’s award-winning workplace culture has been recognized by Forbes, Fast Company, Newsweek, Great Place to Work, TIME, and more.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers, and all applicants will receive consideration for employment.

Videos to watch:
The Culture at Mattel
Corporate Philanthropy