This role is responsible for designing, implementing, and enhancing technical controls and monitoring solutions that detect and prevent unauthorized use of privileged access across the enterprise. This role plays a critical part in identifying anomalous and high-risk access behaviors by leveraging advanced detection tools, including SIEM platforms (Splunk) and endpoint detection solutions (CrowdStrike). The engineer partners closely with Security Operations, IAM, and Infrastructure teams to develop detection use cases, improve visibility, and strengthen the organization's security posture. ESSENTIAL DUTIES AND RESPONSIBILITIES Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. • Identify and define unauthorized access scenarios, including credential misuse, privilege escalation, and anomalous account behavior. • Develop and tune Splunk/CrowdStrike queries, correlation searches, and alerts to detect suspicious privileged activity. • Leverage CrowdStrike (or equivalent EDR tools) to monitor endpoint-level indicators of compromise, lateral movement, and misuse of elevated privileges • Build and maintain detection use cases aligned with MITRE ATT&CK techniques related to identity and access abuse. • Correlate data from multiple sources (identity systems, logs, endpoints, cloud platforms) to identify potential threats. • Partner with Security Operations Center (SOC) and Incident Response teams to escalate and respond to confirmed incidents. • Design and implement automated detection and response mechanisms for privileged access risks. • Develop scripts or integrations (e.g., Python, APIs) to enhance monitoring, alerting, and reporting capabilities. • Continuously improve detection logic to reduce false positives and increase detection accuracy • Provide technical expertise to improve visibility into privileged account usage across on-prem and cloud environments. • Contribute to enforcement of least privilege and just-in-time access models through monitoring and analytics. • Create dashboards and reports in Splunk to track privileged access activity, trends, and risks. • Recommend improvements to detection coverage based on threat intelligence and incident learnings Qualifications Required Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • Bachelor's degree or equivalent education, training, and work-related experience. • Minimum of 5 years of experience in security engineering or related cybersecurity roles. • Advanced knowledge in cybersecurity principles, theories, and concepts. • Proven experience in software development lifecycle security practices. • Advanced knowledge of threat modeling, security testing, and penetration testing. • Experience implementing and managing complex information security technologies. Preferred Qualifications • Experience developing detection use cases and threat hunting techniques for identity-based attacks. • Strong expertise in: • SIEM engineering and log analysis • Behavioral analytics and anomaly detection • Identity Threat Detection and Response (ITDR) • Experience with PAM tools such as StrongDM and CyberArk. • Familiarity with frameworks such as: • MITRE ATT&CK (especially credential access and privilege escalation techniques) • NIST and CRI Cybersecurity Framework • Scripting and automation skills (e.g., Python, PowerShell). • Experience integrating multiple data sources (cloud logs, Active Directory, EDR telemetry) into SIEM platforms. • Relevant certifications such as: • CISSP, GIAC (GCIA, GCIH), CEH, or Security+ • Strong analytical, problem-solving, and communication skills.