Defense Unicorns

We help mission-focused heroes solve the world’s biggest software challenges.

IT Security Engineer

Security Engineer | Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

Location

United States

Posted

72 days ago

Salary

$93.5K - $126.5K / year

Seniority

Senior

English | Linux | macOS

Job Description

  • Serve as the primary point of contact for Tier 1 and Tier 2 user technical support requests, triaging issues and resolving or escalating as appropriate
  • Provision user laptops and administer a company-wide Mobile Device Management (MDM) solution
  • Manage inventory of physical and digital IT assets
  • Onboard and offboard users by managing access through Google Admin Console and related tools
  • Collaborate with third-party vendors and internal stakeholders to support rollout, troubleshooting, and updates of SaaS tools
  • Assist with Third Party Risk Management (TPRM) reviews, including security research and audit report reviews
  • Support technical implementation of security controls aligned with NIST SP 800-171, such as logging, SIEM, incident response, and configuration management
  • Assist with triage of security events, log audits, and incident response processes

Job Requirements

  • Experience in an IT help desk, system administration, or IT operations role
  • Familiarity with tools such as Google Workspace, Slack, and GitHub
  • Experience with macOS, Windows, or Linux administration
  • Experience with Google Admin Console or similar directory/identity management tools
  • US citizenship required; must be eligible for CUI access
  • Ability to collaborate effectively with cross-functional teams in a remote, asynchronous environment
  • Ability to proactively identify issues and follow through on approved solutions

Benefits

  • Medical/Dental/Vision
  • Premiums are 100% Company Paid
  • Health Reimbursement Account
  • Life Insurance
  • Disability Insurance
  • 401k Retirement Plan
  • Company Stock Options
  • Home Office Budget
  • Flexible Time Off (FTO) plus all Federal Holidays, one week for Thanksgiving, and two weeks for Christmas and New Year’s
  • Paid Parental Leave
  • Reimbursement for approved trainings/subscriptions
  • Conferences (travel, lodging, and fees)

More Security Engineer Jobs

Information Security Engineer – GRC

Clutch

Expert consulting elevated by human connection

Contract | Remote | Team 51-200 | H1B Sponsor

  • Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations.
  • Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management.
  • Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report.
  • Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs.
  • Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring.
  • Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud.
  • Develop an AI/ML risk assessment framework covering model governance, training data privacy, and shadow AI usage across the organization.
  • Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs.
  • Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers.
  • Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements.
  • Establish AI governance policies and integrate AI risk into the existing risk register, vendor assessments, and compliance monitoring.

Brazil
Job Closed

AI Security Engineer, IAM

Metsi Technologies

Global Systems Integrator | Digital Maturity | Data Center Automation | Hybrid Multicloud | Anything-as-a-Service

Full Time | Remote | Team 51-200 | H1B No Sponsor

  • Manage processes and technologies to implement identity lifecycle operations for AI agents and service principals
  • Administer RBAC and ABAC policies
  • Manage credentials used by AI agents
  • Collaborate with product teams to capture use cases
  • Assist in investigations and incident response involving autonomous AI agents

Brazil
Job Closed

Vector Command Specialist

Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.

Full Time | Remote | Team 1,001-5,000 | Since 2000 | H1B Sponsor

As a Vector Command Specialist, you will work with a team of offensive security consultants to help clients improve their security posture through your technical skills and knowledge of attack surface management strategies. You will serve as an entry-level technical analyst and customer liaison. You will also work with various Managed Services teams to help deliver monthly reports to customers, address customer needs, and assist with other security consultant deliverables.

About the Team

Your primary responsibility will be to support Vector Command customers by conducting external attack surface analysis, exposure reconnaissance, account and tool integrations, preparing monthly red team report deliverables, and prioritizing customer requests. You will work daily with Rapid7’s Vector Command Red Team operators, assisting with ongoing red team exercises and staying up to date on the latest vulnerabilities, customer attack surface changes, and exposures within customer environments.

About the Role

Customer Facing Responsibilities:

  • Onboard customers to the Vector Command platform and technologies.
  • Oversee and ensure the completeness of customer report deliverables.
  • Serve as the primary point of contact for customer inquiries related to testing operations, alerts, or general Vector Command questions associated with Red Team activities.
  • Coordinate and host monthly Vector Command Red Team update calls in conjunction with a Rapid7 Red Team lead.
  • Translate technical concepts and communicate them effectively to non-security personnel.
  • Coordinate communications between internal Rapid7 services on behalf of customers, including the Managed Detection and Response (MDR) and Managed Vulnerability Management (MVM) teams.
  • Provide monthly written summaries of each customer’s attack surface and Vector Command Red Team operations.

Attack Surface Analyst, Internal Red Team:

  • Analyze each customer’s exposures and attack surface within the Vector Command platform.
  • Conduct manual network and service reconnaissance to identify new exposures.
  • Perform Open-Source Intelligence (OSINT) gathering on customers to identify attack surface elements that extend beyond traditional network services.
  • Keep the Red Team informed of significant changes in customers’ attack surfaces.
  • Coordinate customer requests and prioritizations with the Red Team operators.
  • Develop scripts to query and analyze attack surface data from numerous sources and automated systems.
  • Perform entry level penetration testing activities against external assets, as assigned by the Red Team lead.

The skills and qualities you’ll bring include:

  • 3+ years in an active technical security role.
  • Excellent written and verbal communication skills.
  • Previous technical security consulting experience.
  • Knowledge of modern penetration testing tools and methods.
  • Knowledge of external attack surface reconnaissance techniques to identify customer’s internet facing exposures.
  • Strong knowledge of network, web-based application, and IEEE 802.11 security concepts.
  • Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite.
  • Experience using scripting languages such as Python and PowerShell
  • Experience with social engineering techniques and tactics related to reconnaissance and OSINT gathering.
  • A Bachelor’s degree in Computer Science, MIS, CIS or a related field, or equivalent experience.
  • Certifications such as GPEN, PJPT, PNPT, CPTS, or OSCP are preferred.
  • The ability to ask for help.
  • Be an Advocate: Use excellent written and verbal communication skills to not just report vulnerabilities, but to advocate for the customer's security posture. Focus on "translating technical concepts" so non-security personnel understand the impact on their business.
  • Strategic Alignment: Position your technical testing (network, web app, API) as a way to scale Rapid7's impact within the Global Services division.
  • Driving Outcomes over Actions: Instead of just listing "performed technical testing," focus on the outcome: "helping customers remediate and mitigate prevalent threats". Your ability to consistently produce high-quality reports is a direct contribution to successful security outcomes for clients.
  • Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

Rapid7, Inc. is committed to fair and equitable compensation practices. A candidate’s salary is determined by various factors including, but not limited to, relevant work experience, skills, and certifications. We evaluate compensation decisions on a case-by-case basis, and it is not typical for an individual to be hired at the very top of the salary range.

The salary range for this role in the US is: $89,300.00 - 120,800.00 USD Annual

Salary ranges may vary based on geographical location. This range does not include variable/incentive compensation, equity and benefits (where applicable/eligible).

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.

United States
$89.3K - $120K / year
Job Closed

Sr Incident Responder

Versant

VERSANT is a leading force in news, sports and entertainment - home to iconic and trusted brands that inspire, inform, and delight audiences. Our unique combination of content, technology and services enriches the cultural fabric, igniting passions, sparking conversations, and connecting people to what they love most. As an independent, publicly traded company, VERSANT brings together powerhouse cable networks - including USA Network, CNBC, MS NOW (formerly MSNBC), Oxygen, E!, SYFY, and Golf Channel - with dynamic digital and direct-to-consumer brands such as Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. Together, these businesses reflect our commitment to delivering exceptional experiences across every screen and service. VERSANT is an industry-changing media company fueled by innovation and an entrepreneurial spirit. With a strong foundation and a forward-looking vision, VERSANT empowers creativity, embraces change, and drives connection in an ever-evolving world.

Job Description

The Senior Security Incident Response Analyst leads complex security investigations, drives automated response workflows, and works alongside a managed SOC to raise the quality and speed of day-to-day security operations. This is a senior individual contributor role: you will own the hardest cases, serve as the escalation point for investigations that go beyond standard triage, and build the automation and tooling that makes the entire operation more effective. Success requires independence — the ability to make sound decisions in ambiguous situations, operate without constant direction, and drive work forward in an environment that is still maturing.

We are an automation-first team, and this role is central to that. You will work closely with SOAR and automation engineers to translate investigative insight into scalable response workflows — identifying inefficiencies, eliminating manual processes, and building the tools that reduce toil for the entire team. The right candidate cares deeply about investigative quality and is equally driven to automate, scale, and continuously improve how that work gets done. Strong judgment, a builder's mindset, and high-quality written communication are essential.

RESPONSIBILITIES

  • Lead high-severity and complex investigations alongside the managed SOC — serving as the senior escalation point for cases that require deeper analysis, cross-platform pivoting, or containment decisions beyond standard playbook scope
  • Perform host-based triage and forensic analysis across Windows, Linux, and macOS, and conduct cloud-native IR across AWS and Azure — pivoting fluently between endpoint, identity, infrastructure, and network telemetry.
  • Integrate threat intelligence into active investigations and operationalize it proactively — use adversary TTPs, IOC context, and external monitoring to sharpen scope, accelerate attribution, and surface threats before they become incidents
  • Make and execute containment decisions — account disabling, host isolation, infrastructure blocking — and drive those actions through coordination with relevant teams
  • Partner with SOAR and automation engineers to design and build automated response workflows — translate what you learn in investigations into playbooks, enrichment pipelines, and containment automations the SOC can execute at scale
  • Identify repetitive investigative tasks and own their elimination — write the scripts, build the integrations, and design the workflow tools that reduce toil for the entire team
  • Define what automated response should look like for specific threat categories; work with engineering to implement it and validate that it holds up against how investigations actually unfold
  • Contribute detection logic informed by investigation findings — close the loop between what you observe in cases and what the team catches next time
  • Calibrate the SOC's triage thresholds and escalation criteria; raise the floor on case documentation quality through direct review and feedback
  • Produce case notes, post-incident summaries, and leadership briefs that are reproducible, defensible, and readable by a non-technical audience

QUALIFICATIONS & REQUIREMENTS

  • 5+ years of hands-on incident response experience with direct investigation ownership — candidates should understand the difference between owning an investigation and working a SOC queue
  • Proven ability to operate independently: prioritize without direction, drive investigations to closure, and make sound judgment calls under ambiguity
  • Experience working alongside or managing an MSSP or managed SOC — comfortable defining what escalates, setting investigation standards, and serving as the technical authority on complex cases
  • Deep SIEM proficiency; able to write complex queries and correlate across heterogeneous log sources
  • Host forensics fluency across Windows, Linux, and macOS: process execution, persistence mechanisms, lateral movement artifacts, and platform-native log sources. Cloud IR experience in AWS a plus.
  • Demonstrated automation experience — scripting languages, SOAR platforms, or both — applied to real investigative and detection workflows; this is a core expectation of the role, not a bonus
  • Strong written communication; case notes and summaries that hold up to peer review, legal scrutiny, and executive reading
  • Comfort operating in environments where tooling and processes are still maturing; able to build structure and make progress without waiting for perfect conditions

Experience contributing to detection engineering, mentoring junior analysts, or working in multi-tenant or post-merger environments is a plus.

Additional Requirements:

  • Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-Versant worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Salary range: $120,000 - $160,000 (bonus eligible). We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with a VERSANT Media employee at one of our locations prior to a hiring decision.

VERSANT Media's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

For LA County and City Residents Only: VERSANT Media will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.

If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].

VERSANT Media is committed to fair and equitable compensation practices. We include a good faith pay range for each position to comply with applicable state and local pay transparency laws and to promote equity across our organization. Actual compensation will be based on factors such as the candidate's skills, qualifications, experience, and location and may include additional forms of compensation and benefits such as health insurance, retirement plans, paid time off, etc.

VERSANT Media is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at VERSANT via email, the Internet, or in any form and/or method without a valid written Statement of Work in place for this position from VERSANT's Talent Acquisition team will be deemed the sole property of VERSANT. No fee will be paid in the event the candidate is hired by VERSANT as a result of the referral or through other means.

  • Business Segment: Versant O&T

United States
$120K - $160K / year
Job Closed