Posted: 2 days ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

About the Role

The IT Security Manager - Identity Threat Protection & Application Layer Defense will play a pivotal role in strengthening Wolters Kluwer's cyber defense against modern identity and application-based attacks. This role focuses on proactive threat hunting, detection engineering, and exposure management across the identity and application layers - two of the most targeted areas in today's threat landscape.

The successful candidate will lead the organization's Identity Threat Protection (ITP) and Identity Threat Detection & Response (ITDR) capabilities, driving advanced analytics to detect credential theft, MFA bypass, token replay, and privilege misuse. In addition, the role will extend to application-layer threat hunting and security validation of authentication protocols, ensuring that TLS, OAuth, SAML, and encryption standards are securely implemented and continuously tested.

The IT Security Manager will collaborate closely with the IAM, CIEM, SOC, and Cyber Defense teams to develop detection logic, automate response workflows, and establish robust controls for secrets exposure management, encryption hygiene, and identity posture analytics. This role is highly strategic, blending technical depth with leadership to safeguard WK's digital assets and accelerate Zero Trust maturity.

Ultimately, the role will serve as the frontline leader in identifying, investigating, and mitigating identity and application-layer threats - ensuring that every session, credential, and communication channel within the organization is secure, monitored, and resilient against modern attack vectors.


Responsibilities:

Identity Threat Protection & Threat Hunting

  • Lead the Identity Threat Protection (ITP) program to detect and respond to identity-driven attacks across cloud and on-prem environments.

  • Conduct identity threat hunting using behavioral analytics, anomaly detection, and intelligence-based techniques.

  • Develop and refine detection rules, correlation logic, and response playbooks within platforms such as CrowdStrike Falcon ITP, Entra ID Protection, or PingOne Protect.

  • Investigate and remediate attacks like credential theft, MFA bypass, token hijacking, lateral movement, and privilege escalation.

  • Integrate identity telemetry and detection logic into SIEM/XDR environments for real-time visibility.

  • Collaborate with SOC and IR teams for coordinated detection and rapid containment of identity-based threats.

Application Layer Security & Threat Hunting

  • Conduct application-layer threat hunting focusing on authentication and session-level exploits (e.g., replay attacks, token misuse, and insecure session handling).

  • Perform application security assessments for authentication protocols such as TLS 1.2, TLS 1.3, OAuth, OpenID Connect, and SAML.

  • Identify and mitigate secrets exposure risks in application configurations, logs, and source repositories.

  • Lead encryption exposure assessments to validate key management, certificate hygiene, and transport encryption strength.

  • Assess and enforce secure authentication and encryption practices across internal and customer-facing applications.

  • Work closely with development and product teams to validate security configurations and support secure integration patterns.

Governance, Metrics, and Continuous Improvement

  • Define and execute the Identity & Application Threat Management strategy aligned with Zero Trust and least privilege principles.

  • Develop metrics, dashboards, and executive-level reporting to measure control effectiveness and threat detection maturity.

  • Conduct periodic posture assessments of authentication and encryption frameworks to ensure compliance with enterprise and regulatory standards.

  • Partner with CIEM, PAM, and IGA teams to maintain visibility into privileged and service accounts.


Skills:

  • 10+ years in Cybersecurity, specializing in Identity Security, Threat Detection, and Application Layer Defense.

  • Proven experience with ITDR (Identity Threat Detection & Response) platforms (CrowdStrike ITP, Microsoft Entra ID Protection, PingOne Protect, or similar).

  • Strong understanding of identity attack chains, token manipulation, and session hijacking techniques.

  • In-depth knowledge of TLS 1.2, TLS 1.3, OAuth, OIDC, SAML, and Kerberos authentication flows.

  • Hands-on experience performing encryption exposure assessments and certificate lifecycle management.

  • Experience with secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, etc.).

  • Deep understanding of Zero Trust, least privilege enforcement, and secure identity architectures.

  • Strong analytical mindset for threat hunting and anomaly detection at both identity and application layers.

  • Excellent leadership and communication skills to align technical controls with organizational risk goals.

Preferred Qualifications

  • Certifications: CISSP, CISM, CEH, CSSLP, or GIAC GMON/GCIA.

  • Experience integrating identity and application telemetry into SIEM/SOAR/XDR ecosystems.

  • Knowledge of MITRE ATT&CK for Identity and MITRE ATT&CK for Enterprise.

  • Background in incident response, digital forensics, or threat intelligence correlation.

  • Experience in automating threat detection and exposure analysis using scripting or detection-as-code frameworks.
