- Make an immediate impact: Stop threats fast, contain incidents, and strengthen our defenses across the enterprise.
- Work with modern tooling: Operate and tune CrowdStrike Falcon and Netskope, using Splunk to investigate and analyze events at scale.
- Keep learning: Apply MITRE ATT&CK, ingest new IOCs/TTPs, and automate repetitive tasks to continually improve operations.
- Collaborate broadly: Partner with Endpoint, Network, IAM, Infrastructure, and Application teams—and interface with vendors—on real-world remediation.
- Continuously monitor EDR/XDR alerts (primarily CrowdStrike Falcon), triage events, validate true/false positives, and escalate per playbooks and SLAs.
- Execute incident response activities: containment, eradication, recovery, evidence handling, root cause analysis, documentation, and lessons learned.
- Perform light CrowdStrike administration: sensor health/coverage, minor policy updates (prevention, firewall, device control), tuning detections, and basic RTR workflows under change control.
- Investigate using Splunk, CrowdStrike, and Netskope: query logs/telemetry, pivot on IOCs/TTPs, correlate events, and create ad hoc searches to support IR.
- Review Netskope alerts/events and make minor policy adjustments (e.g., category/exception tuning) per standards and CAB approvals.
- Coordinate remediation with Infrastructure, Endpoint, Network, IAM, and Application teams; validate fixes and track to closure.
- Produce operational and executive-ready reporting, trends, and metrics; support audit and compliance requests.
- Maintain runbooks, SOPs, and knowledge base content to drive consistency and speed onboarding.
- Intake threat intelligence and manage IOCs to enhance detections; align improvements to MITRE ATT&CK.
- Automate repetitive tasks with PowerShell/Python/JSON following coding standards and change management.
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or related discipline preferred; equivalent experience may be considered.
- 5+ years of IT or cybersecurity experience, including at least 3 years in Security Operations (monitoring, triage, incident response).
- Hands-on operational experience with CrowdStrike Falcon in an enterprise environment (required).
- Experience using Splunk or another SIEM for investigations (searching, pivoting, dashboarding).
- Familiarity with IOC/TTP analysis, MITRE ATT&CK, endpoint OS artifacts, and core network protocols (TCP/IP, DNS, HTTP/S, VPN, proxies).
- Basic scripting/automation ability (PowerShell, Python, JSON).
- Strong analytical, problem-solving, communication, and documentation skills.
- Certifications: CrowdStrike CCFA/CCFR/CCFH, CompTIA Security+/CySA+, GIAC (e.g., GCIA, GCFA, GCIH).
- Experience with Netskope (SWG, CASB, ZTNA, DLP) for alert triage and minor policy adjustments.
- Experience tuning EDR/secure web gateway policies and collaborating within established change controls.
- Demonstrated ability to create clear SOPs/runbooks and executive-ready operational metrics.

Our programs are designed to focus on maintaining and enhancing all pillars of health with a robust benefits package including medical, dental, vision and prescription drug coverage with the option of a Health Savings Account with company contributions. In addition, we offer an industry leading 401(k) savings plan, insurance coverage, employee assistance programs and various wellness incentives. We support life-work balance with paid vacation time, sick time, and company holidays. Explore a supportive environment that enriches both your personal and professional growth!
This is a global position that will support all our FUJIFILM Biotechnologies sites. This position can be based at any of our locations around the globe. Benefits and compensation will be governed by the location that you are based from and considered your home site.
As part of any recruitment process, FUJIFILM Biotechnologies collects and processes personal data relating to job applicants. The organization is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations and may share this as part of the global recruitment process with hiring managers in Europe and the United States.
To all agencies: Please, no phone calls or emails to any employee of FUJIFILM about this requisition. All resumes submitted by search firms/employment agencies to any employee at FUJIFILM via email, the internet or in any form and/or method will be deemed the sole property of FUJIFILM, unless such search firms/employment agencies were engaged by FUJIFILM for this requisition and a valid agreement with FUJIFILM is in place. In the event a candidate who was submitted outside of the FUJIFILM agency engagement process is hired, no fee or payment of any kind will be paid.