Jul 14, 2026

Exposure Intelligence Analyst - Endpoint & Identity (EDR / AD-Entra / PAM / MFA)

Apply Now →
Role: Exposure Intelligence Analyst - Endpoint & Identity (EDR / AD-Entra / PAM / MFA) Business Title: Lead Consultant - Threat & Incident Response Team and overall work scope • The team operates within a newly established Exposure Management function in the broader cybersecurity organization, focused on modernizing how the enterprise identifies, prioritizes, and mitigates security vulnerabilities shifting from traditional patch approaches to a more strategic focus on true business risk and exploitability • IC roles are designed to bring in deep domain expertise (network, endpoint, cloud, identity, infrastructure, etc.) to bridge the gap between security insights and practical remediation strategies • The Exposure Intelligence Analyst - Endpoint & Identity is the SME responsible for identifying and prioritizing exposure risk across endpoints and identity systems, including EDR posture, AD/Entra configurations, PAM, MFA enforcement, and device posture. • This role focuses on the most common real-world attacker pathways by combining identity-centric exposure intelligence with endpoint realities and partnering closely with identity and endpoint engineering owners. What's exciting about this role: You get to protect the workforce and identity layer by identifying exploitable weaknesses in endpoints and identity systems, applying AI-driven signal enrichment to surface hidden attack paths and drive effective remediation Ideal Candidate: • Experienced endpoint and identity SME with deep hands-on experience across Active Directory / Entra ID, Intune, Windows 10/11, macOS, and endpoint security platforms (EDR, device posture). • Understands how identity and device weaknesses translate into enterprise attack paths and is able to identify, validate, and eliminate real exposure. Success Measures • Reduced identity-driven attack paths and fewer high-risk privilege conditions. • Increased MFA/PAM/identity control effectiveness (measurable posture improvements). • Faster remediation outcomes through SME-to-SME engagement with IAM and endpoint owners. Key Responsibilities (Core + Domain) Exposure Intelligence (Core) • Convert endpoint/identity signals into exploitability-aware exposure intelligence. • Identify chained attack paths (endpoint compromise credential theft privilege escalation lateral movement). • Produce clear remediation plans; support validation and closure tracking. Endpoint & Identity (Domain) • Own SME coverage for identity controls and endpoint posture: MFA gaps, privilege pathways, stale accounts, insecure configs, weak conditional access, device compliance gaps. • Identify systemic identity risks: excessive privileges, weak auth flows, misconfigured policies, high-risk admin surfaces. • Partner with IAM/endpoint teams to implement durable corrective actions. Required Qualifications • 3+ years in identity security, endpoint security, security operations, or exposure management. • Working knowledge of AD/Entra fundamentals, MFA/PAM concepts, and endpoint control posture. • Ability to describe attacker identity tradecraft and prioritize based on exploitability. Preferred Qualifications • Deep experience in endpoint platforms (Windows 10/11, macOS), Identity systems (Active Directory, Entra ID) and endpoint and identity security controls (EDR, Intune, PAM, MFA) • Experience with identity telemetry, privilege analysis, and identity attack path concepts. • Experience with endpoint detection/security telemetry • Automation skills (PowerShell, KQL, Python) for evidence gathering/validation. Skills Automation, Endpoint Security, Identity Access Management (IAM), Identity Management (IdM), Scripting Compensation Compensation offered for this role is 100,000.00 - 170,500.00 annually and is based on experience and qualifications. The candidate(s) offered this position will be required to submit to a background investigation. Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse. Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs. When working from home, you must have a dedicated, private workspace free from distractions, along with appropriate desk and seating. Reliable internet is required, with minimum speeds of 50 MB download and 5 MB upload.