Advisor, Cyber Security
United States | Remote | 4+ YOE
Summary
Serve as second-level incident response and security SME, operating and tuning SIEM/SOAR/XDR/WAF tooling while applying Zero Trust and IAM controls across cloud and on-prem environments.
About the role
Principal Responsibilities
- Serve as second-level Incident Response, interacting with our third-party SOC, and be a security SME on a shared on-call rotation.
- Operate and tune core detection and response tooling — such as SIEM, SOAR, XDR/EDR, WAF, and NGFW — to sharpen signal and cut noise.
- Apply identity-centric and Zero Trust controls — access, MFA, and least privilege — alongside the IT platform and product teams.
- Support security as an enabler in the product and R&D lifecycle, advising engineering on secure-by-design patterns.
- Be an advocate and enabler for maturing the security controls around data, AI services and our products.
- Maintain clear documentation and runbooks, develop metrics, and present findings to both technical and non-technical audiences.
- Deep-dive into security systems as needed to investigate issues and automate recurring tasks through scripting or AI Agents as appropriate.
- Act as the bridge between technical and non-technical contributors.
Education & Experience
- Typically, 4+ years of related cybersecurity operations experience with a Bachelor’s degree; or 2+ years with a Master’s degree.
- Hands-on production operation of multiple security technologies in public cloud (Azure and/or AWS) and on-premises environments — including vulnerability scanning and management, SIEM/logging, WAF, network segmentation and security groups, system hardening/STIG, malware prevention, and incident response.
- Intermediate grasp of identity and access management and Zero Trust principles — authentication and authorization standards (MFA, SAML, OAuth, OIDC), directory services, and least-privilege access.
- Working knowledge of networking concepts and of both Linux and Windows host operating systems.
- Critical-thinking drive — asking what could be, how it could be done better, and pursuing continuous improvement and efficiency through automation — paired with a collaborative work style.
- Strong written, spoken, and presentation skills, with the ability to communicate security decisions clearly and to translate between technical and non-technical audiences.
- US Citizen / US Soil.
Desirable Requirements
- Experience securing customer-facing SaaS environments and familiarity with FedRAMP, SOC 2, NIST, or CSA compliance frameworks; prior work with a government, FedRAMP, or otherwise regulated environment is highly desirable.
- Experience securing product and R&D or DevSecOps environments — container and Kubernetes security, infrastructure-as-code scanning, and secrets management.
- Familiarity with securing AI/ML workloads and AI-enabled tooling, and an awareness of emerging AI-driven threats and defensive use cases.
- Demonstrated group, team, or thought leadership within cloud or security operations initiatives.
- Experience threat hunting or red-teaming within a complex enterprise environment.
- Location near the Boston area is a plus.
- Industry-standard cybersecurity certifications; a cloud or identity-specific credential is a plus.
Compensation & Benefits
- Full-time, non-Sales US employees are also eligible for annual discretionary bonuses that are funded based on prior year company performance.
- RSA Sales team members are eligible to participate in company commission plans.
- RSA offers its eligible US employees a comprehensive array of benefit programs including flexible paid-time-off, health, disability, and life insurance, and a 401(k) retirement plan with company matching contributions.
Skills
SIEM, SOAR, XDR, EDR, WAF, NGFW, Azure, AWS, Zero Trust, MFA, SAML, OAuth, OIDC, Kubernetes, DevSecOps