Cybersecurity Engineer Boston - MA - Massachusetts
Listed on 2026-07-02
-
IT/Tech
Cybersecurity
Job Description:
We are seeking Benchtop support This individual will work directly within the Lab Solutions team to execute a portfolio of active security work streams including Non-Attributable Account (NAA) remediation, software download restrictions, vulnerability remediation, and USB data transfer controls while supporting the broader goal of bringing lab OT posture in line with enterprise security standards.
This is a highly technical, execution-focused role requiring strong hands-on skills in Active Directory, endpoint security, network architecture, and lab instrument environments. The successful candidate will be comfortable working across both IT and OT boundaries, engaging directly with Business System Owners, lab scientists, vendors, and global site partners to deliver change in a complex, multi-site environment
Key Responsibilities
1. NAA (Non-Attributable Account) Remediation
Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.
Assist in building, maintaining, and activating host allowdeny lists within the Lab Organizational Unit (OU) in Active Directory.
Coordinate with Info Sec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.
Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.
Support deployment and configuration of Transparent Screen Lock and Beyond Trust (password management and remote access) as replacement mechanisms for NAA-dependent workflows.
2. Software Governance & Controls
Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.
Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.
Develop and maintain a formal exception request process for legitimate scientific software deployment needs.
3. Vulnerability Management
Support Crowd Strike EDR sensor deployment and gap closure across lab endpoints, coordinating with Info Sec and site partners.
Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.
Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.
Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.
Support server-level vulnerability triage and remediation in coordination with the infrastructure team.
4. USB & Data Transfer Controls
Assess current USB usage patterns across lab sites and instrument workflows.
Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that protects the environment without impeding legitimate scientific workflows.
Manage the formal USB exception process for vendor-mediated access scenarios.
5. Cross-Site & Operational Support
Serve as a hands-on technical resource for site partners across BostonUS, OxfordUK, and other global lab locations.
Maintain accurate documentation of system configurations, allowdeny lists, service account inventories, and workstream progress.
Contribute to demand intake and Service Now-based request management for new service account and access requests.
Participate in hypercare periods following major changes, providing rapid response to connectivity or authentication issues.
Communicate clearly with both technical and non-technical stakeholders, including lab scientists, Business System Owners, and senior leadership.
Required Qualifications
Education
Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
Experience
2 5 years of relevant experience in ITOT systems engineering, endpoint security, or lab systems support or an equivalent combination of education and experience.
Hands-on experience with Active Directory administration, including Organizational Unit (OU) management, Group Policy, and service account provisioning.
Experience working in or supporting laboratory, manufacturing, or operational technology environments.
Demonstrated experience executing security remediation activities such as patching, endpoint agent deployment, or access control changes.
Experience working with endpoint security platforms (Crowd Strike or equivalent EDR tools preferred).
Familiarity with privileged access management or password vault tools (Beyond Trust or equivalent).
Familiarity with Endpoint Management (EPM) tools for computer fleet management
Technical Skills
Identity & Access Management
Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), userservice account management, and authentication protocols including RC4
NTLMKerberos.
Understanding of allowdeny list enforcement mechanisms within AD and Lab OU environments.
Experience with service…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).