Quality Assurance Tester Jobs in Marlborough, MA

Security Strategy, Roadmap & Program Leadership

• Execute and support ongoing security operations aligned with Sequel’s security priorities and roadmap

• Translate security findings, alerts, and audit requirements into actionable remediation plans

• Proactively monitor the evolving threat landscape and regulatory environment; assess their impact on Sequel's security posture and bring forward-looking recommendations before they become reactive obligations.

• Contribute to investment and business-case discussions by articulating risk-reduction value, projected outcomes, and cost framing in terms leadership can act on.

• Partner with IT and Security & Compliance to implement security initiatives and enhancements

Vulnerability & Patch Management

• Manage the vulnerability lifecycle, including scanning, triage, prioritization, and remediation tracking

• Drive recurring patch cycles in coordination with IT operations; champion timely remediation of high-severity findings and validate that fixes close the underlying vulnerability, not just the ticket.

• Track and report on vulnerability metrics, trends, and SLA adherence

• Support improvements to tooling, processes, and reporting over time

SIEM Operations, Incident Response & Platform Maturity

• Monitor, triage, and investigate alerts across SIEM and Microsoft Defender tools (Defender for Endpoint, Defender for Cloud Apps, Defender for Identity).

• Lead end-to-end incident response, including containment, investigation, root cause analysis. Communicate status and findings to security leadership.

• Own SIEM platform maturity: build and tune detection rules, develop response automation and playbooks, expand log and data-source coverage, and continuously reduce alert noise and analyst fatigue.

• Define, track, and present response metrics — MTTD, MTTR, alert volume, false-positive rates — and use trend data to prioritize tuning and platform investment decisions.

Risky User & Risky Device Remediation

• Identify, investigate and remediate risky users and devices across Microsoft Entra and Defender tools.

• Support Conditional Access and device compliance policies

• Partner with IT to address identity risks and improve overall security posture

Security Policy & Data Protection Administration (Microsoft Purview & DLP)

• Administer Microsoft 365 security and data protection solutions, including Purview DLP, sensitivity labeling, retention policies, data lifecycle management, and defensible deletion.

• Maintain and update security configurations and documentation in response to evolving business and compliance feedback.

• Assess current data-protection coverage and recommend policy enhancements aligned to the compliance roadmap.

Security Awareness & Training Program

• Support the execution of the security awareness program, including phishing simulations and training campaigns (KnowBe4).

• Analyze simulation results, assess the threat landscape, and provide recommendations on training content and simulation difficulty to keep improve training program outcomes.

Audit & Compliance Execution

• Support audit readiness activities, including evidence collection and control execution (e.g., SOC 2, HITRUST) in the GRC platform (Vanta).

• Maintain documentation and drive remediation of audit findings; partner with the Senior Manager, Security & Compliance to ensure audit readiness is maintained.

• Partner with Security & Compliance to ensure controls are operating effectively

Documentation, Metrics & Reporting

• Maintain runbooks, standard operating procedures, and security workflow documentation sufficient for audit evidence and operational continuity.

• Track and report security and compliance metrics and related platforms; deliver leadership-ready reporting on a regular cadence.

• Contribute to board- and executive-level security reporting by providing clear, data-backed summaries of program status, risk posture, and progress against roadmap milestones.

Cross-Functional Collaboration

• Partner with IT, Legal, and People & Culture to align security practices with business and regulatory needs

• Provide security guidance on IT projects, configurations, and change requests

• Demonstrated experience contributing to or owning a security roadmap or program maturity initiative — helping define what the program should accomplish next and building the case for it.

• Hands-on experience with vulnerability management and incident response

• Experience with SIEM tools and Microsoft security ecosystem (Defender, Entra, Purview)

• Exposure to security and compliance frameworks (SOC 2, HITRUST, or similar)

• Experience supporting audits, including evidence collection and remediation

• Ability to work independently and manage multiple priorities

• Strong communication skills with both technical and non-technical stakeholders

• Candidate must reside in the contiguous United States and work East Coast hours