
Sr IT Security Analyst

Mattelinc · Hyderabad, IN
Full-time · On-site · Posted 1w ago
Tags: AWS, Azure, Compliance, Documentation, GCP, IAM
About the role

The Sr Security Engineer - Endpoint & Identity Threat Protection (EDR / ITP) is responsible for engineering, deploying, and optimizing advanced detection and response technologies that safeguard Mattel's global enterprise. This senior technical role focuses on proactive endpoint detection, response automation, and identity threat protection, helping to strengthen the organization's cyber defense posture. The position requires deep technical expertise across endpoint and identity protection technologies, strong collaboration skills, and a commitment to continuous improvement through automation, analytics, and security modernization initiatives.

Roles and Responsibilities

- Engineer, deploy, and maintain enterprise Endpoint Detection and Response (EDR) and Identity Threat Protection (ITP) platforms across Mattel's environments.
- Develop, tune, and optimize behavioral analytics and detection logic to identify, prevent, and respond to malicious activity targeting endpoints and identities.
- Collaborate with Security Operations and Incident Response teams to investigate, contain, and remediate security incidents effectively and efficiently.
- Integrate EDR and ITP technologies with SIEM, SOAR, and threat intelligence platforms to improve visibility, automation, and response capabilities.
- Contribute to the architecture, implementation, and continuous enhancement of endpoint and identity threat protection strategies in alignment with Mattel's cybersecurity goals.
- Partner with IT, Infrastructure, and Security Architecture teams to support secure configuration management, policy enforcement, and system hardening across all endpoints.
- Ensure endpoint and identity protection controls align with corporate security policies, compliance mandates, and global regulatory standards.
- Perform advanced telemetry analysis, detection validation, and post-incident investigations to improve detection fidelity and reduce false positives.
- Collaborate with Engineering, Cloud, and Infrastructure teams to ensure endpoint tools operate effectively across hybrid and cloud environments.
- Develop and maintain documentation, operational standards, and playbooks for endpoint and identity threat protection workflows.
- Participate in post-incident reviews to identify gaps, lessons learned, and opportunities to enhance security processes.
- Evaluate emerging endpoint and identity threat protection technologies and contribute to technical proof-of-concept initiatives to support security modernization.

Required

- 5-7+ years of experience in cybersecurity engineering, with a focus on endpoint and identity threat protection in enterprise environments.
- Demonstrated expertise managing enterprise-grade EDR and ITP platforms such as CrowdStrike, SentinelOne, Defender for Endpoint, or similar solutions.
- Strong technical knowledge of endpoint operating systems (Windows, macOS, Linux) and adversary tactics, techniques, and procedures (TTPs).
- Experience designing and optimizing detection logic, behavioral rules, and custom correlation within EDR and identity systems.
- Proficiency in integrating endpoint and identity threat protection solutions with SIEM, SOAR, and automation platforms.
- In-depth understanding of identity and access management (IAM) frameworks such as Azure AD, Okta, SSO, and MFA.
- Experience in IOC and IOA analysis, enrichment, and use of threat intelligence for proactive defense and detection tuning.
- Hands-on experience in scripting or automation using PowerShell, Python, or equivalent languages for workflow orchestration and data enrichment.
- Strong understanding of endpoint configuration, policy management, application allowlisting, and device control.
- Excellent communication and collaboration skills with the ability to work effectively across global and cross-functional teams.

Preferred

- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Certifications such as GSEC, SSCP, GCED, GCIA, or CompTIA CySA+.
- Experience supporting hybrid endpoint environments across on-premises, cloud (AWS, Azure, GCP), and virtualized systems.
- Familiarity with the MITRE ATT&CK framework for mapping detections, validating coverage, and improving response maturity.
- Hands-on experience with SOAR or orchestration platforms to enhance threat detection and response workflows.
- Knowledge of modern endpoint protection trends, AI/ML-based detection models, and zero-trust security principles.

Shift Timings

This position operates during 05:00 - 14:00 PST (17:30 - 02:30 IST), Monday through Friday, with emergency on-call duties as required.

Don't meet every single requirement? At Mattel, we are dedicated to an inclusive workplace and a culture of belonging. If you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or other roles.

How We Work: We are a purpose driv
