Job Description

Incident Handler II, Detection & Response Services

We are looking for people with a passion for investigation and forensic analysis to join our MDR SOC team at Rapid7. As an Incident Handler II, you will work side by side MDR SOC analysts and MDR Incident Responders to investigate incidents ranging from commodity malware to sophisticated threat actors.

About the Team

Rapid7’s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale. Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

About the Role

As an Incident Handler II in Rapid7’s SOC, you will be responsible for investigating and analyzing malicious activity in a multitude of customer environments. You will be enabled to complete investigations scaling in complexity from account compromises and commodity malware infections, to complex web server compromises and zero-day vulnerability exploitation. The trigger for the majority of these investigations will be from inbound customer requests, but you will also receive investigations handed off to you from frontline analysts. There may be times where you’re triaging alerts using Rapid7’s award-winning SIEM, InsightIDR, where you’ll find malicious activity that you’ll need to investigate and escalate to customers. In these investigations, your Cybersecurity Advisor colleagues will be largely responsible for direct communication with the customers regarding your investigations, however you will be expected to engage with customers as needed to drive more complex investigations forward. Lastly, you’re the go-to person for handling incident response engagements run by Rapid7’s Incident Response team.

In this role, you will:

• As a core duty, you will conduct investigations into a variety of malicious activity on workstations, servers, and in the cloud. You will investigate all levels of incidents, including Incident Response engagements in which you will provide analysis assistance to Rapid7’s Incident Responders, including scoping, timeline analysis, finding IAV, and helping update documents as needed.

• Own complex investigations that may need various levels of delegation, customer communication, documentation, and collaboration across teams.

• Be an escalation point for complex and advanced incidents.

• Communicate with Cybersecurity Advisors regarding investigation findings, Requests For Information from clients, and remediation and mitigation recommendations.

• Directly communicate with customers regarding investigation findings or to assist in driving an investigation forward as needed.

• Prepare Incident Reports for each minor incident investigation you complete, which follow MITRE’s ATT&CK Framework and include your own forensic, malware, and root-cause analysis.

• Communicate with other analysts to share new intelligence regarding tactics, techniques, and trends utilized by threat actors.

• Provide continuous input to Rapid7’s Threat Intelligence and Detection Engineering team regarding new detection opportunities.

• Assist in customer engagement opportunities pertaining to the function of your role in the MDR service as necessary.

• Participate in projects that directly relate to your role in an effort to increase positive customer outcomes.

• Utilize Rapid7’s world-class software to triage and investigate alerts to identify potential compromises in customer environments as necessary.

The skills you’ll bring include:

• 3-4 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)

• Dedication to putting each customer’s needs and concerns at the forefront of all decision making.

• Understanding of core operating system concepts in Windows, MacOS/Darwin, and Linux. This includes at least an understanding of common internal system tools and directory structures.

• Proficiency with analyzing forensic artifacts to determine root cause analysis in investigation

  • Windows largely preferred, but bonus points for experience with Linux, AWS, Azure, and GCP)

• A fundamental understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.

• Effective verbal communication skills that foster collaboration between the MDR SOC and the Incident Response team; this role serves as the bridge between our major service delivery functions.

• Strong written communication skills

• Some experience with static and dynamic malware analysis.

• Passion for continuous learning and growth in the cybersecurity world.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever’s next.

Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.

#LI-WP1
#LI-Remote

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,500+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ ve been doing for the past 20 years. If you ’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.