RSA Cyber Incident Response Lead - Identity
Primary Location: Bedford, Massachusetts
Additional Location(s): Massachusetts
RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing enterprise and cloud environments against today’s most sophisticated threats. Combining business-critical solutions in identity & authentication management, network forensics and GRC capabilities, RSA provides visibility and analytics to safeguard the identities and information of organizations worldwide.
Be a part of RSA’s internal security team to develop, manage and lead the Cyber Incident response program for our Identity Business Unit. This is an exciting opportunity to be part of a build from scratch experience, utilizing industry leading technologies and capabilities. We are seeking individuals who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our success. With team members located globally, you will have an excellent opportunity to influence the security culture at RSA.
- Lead cyber security incident handling and response processes as part of a 365x24x7 cyber security Detect and Respond program
- Be the technical hands-on subject matter expert (SME) for performing incident handling activities across datacenter, cloud and SaaS offerings
- Accountable for the Detect & Respond strategy and Incident Response (IR) program operational effectiveness execution
- Continuously evolve the program to include the latest event monitoring and incident response techniques against the latest industry best practices
- Proactively monitor threat landscape and integrate knowledge into overall program execution
- Facilitate and lead lessons learned review meetings, incident response tabletop exercises, incident response training and other activities that contribute to operational readiness of the overall Detect & Respond strategy
- Manage relationship and operational effectiveness of both internal and external supporting service providers to ensure the operational execution of the overall Detect & Respond program maturity objectives
- Support and oversee incident response activities as the most senior escalation point within the team in a fast-paced environment, while exercising composure, professionalism and teamwork during incidents
- Exercise discretion and confidentiality on a need-to-know basis when performing investigations.
- Maintain Incident Response documentation, playbooks, contact lists and other functional procedures
- Identify operational inefficiencies as well as best practices and drive program maturity via creation of metrics, measurements, and tools
- Bachelor’s Degree in Information Technology, Information Security or related major; or 8 years of direct experience in the field of Cybersecurity.
- 3+ years direct Cyber Incident Response (IR) experience in a progressive security organization or service provider setting
- Expert understanding of Cybersecurity technologies and concepts directly related to security event management, incident response, threat hunting and threat intelligence
- Understanding of tactics, techniques and procedures (TTPs) associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques
- Strong understanding of how complex, multi-stage malware functions
- Expert hands-on technical containment, eradication and recovery expertise across operating system, application and cloud configuration services
- Experience performing monitoring and incident response activities within cloud hosted environments such as AWS, Azure and GCP
- Flexibility to work non-standard business hours such as nights or weekends as required and participate in on-call rotation
- Strong leadership, problem solving and critical thinking skills with the ability to prioritize and execute autonomously
- Ability to lead, motivate and direct a workgroup
- Excellent communication skills
- Ability to prioritize projects and/or deliverables
- Ability to work in a high-pressure environment
RSA is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. RSA will not tolerate discrimination or harassment based on any of these characteristics. RSA encourages applicants of all ages.
Job ID: R080538