RSA Cyber Incident Response Engineer - Identity
Primary Location: Bedford, Massachusetts
Additional Location(s): Massachusetts
RSA Cyber Incident Response
RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing enterprise and cloud environments against today’s most sophisticated threats. Combining business-critical solutions in identity & authentication management, network forensics and GRC capabilities, RSA provides visibility and analytics to safeguard the identities and information of organizations worldwide.
Be a part of RSA’s internal security team to support Cyber Incident response program for our Identity Business Unit. This is an exciting opportunity to be part of a build from scratch experience, utilizing industry leading technologies and capabilities. We are seeking individuals who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our success. With team members located globally, you will have an excellent opportunity to influence the security culture at RSA.
****MUST BE A US CITIZEN****
- Perform cyber security incident handling and responses processes as part of a 365x24x7 cyber security Detect and Respond program
- Be the technical hands-on subject matter expert (SME) for performing incident handling activities across datacenter, cloud and SaaS offerings
- Work with the Incident Response Lead to continuously evolve the program to include the latest event monitoring and incident response techniques against the latest industry best practices
- Proactively monitor threat landscape and integrate knowledge into overall program execution
- Perform proactive threat hunting exercises leveraging multiple indicators of compromise and tactics, techniques and procedures (ttps)
- Develop automated responses, information triage and other incident response tools to reduce time to contain and remediate, alongside other cybersecurity engineering resources
- Facilitate and lead lessons learned review meetings, incident response tabletop exercises, incident response training and other activities that contribute to operational readiness of the overall Detect & Respond strategy
- Manage relationship and operational effectiveness of both internal and external supporting service providers to ensure the operational execution of the overall Detect & Respond program maturity objectives
- Exercise discretion and confidentiality on a need-to-know basis when performing investigations.
- Maintain Incident Response documentation, playbooks, contact lists and other functional procedures
- Participate in audit & compliance activities as necessary
- Bachelor’s Degree in Information Technology, Information Security or related major; or 5 years of direct experience in the field of Cybersecurity.
- 2+ years direct Cyber Incident Response (IR) experience in a progressive security organization or service provider setting
- Strong understanding of Cybersecurity technologies and concepts directly related to security event management, incident response, threat hunting and threat intelligence
- Ability to script automated detect & response activities leveraging languages such as python, in both traditional datacenter and cloud services environments
- Experience leveraging solutions such as Azure Sentinel and AWS GuardDuty for SIEM
- Understanding of tactics, techniques and procedures (TTPs) associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques
- Strong understanding of how complex, multi-stage malware functions
- Experience performing monitoring and incident response activities within cloud hosted environments such as AWS, Azure and GCP
- Flexibility to work non-standard business hours such as nights or weekends as required
- Strong communication skills
- Ability to prioritize projects and/or deliverables
- Ability to work in a high-pressure environment
RSA is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. RSA will not tolerate discrimination or harassment based on any of these characteristics. RSA encourages applicants of all ages.
Job ID: R087068