In the fast-moving world of cybersecurity, finding a workplace that balances cutting-edge innovation, deep expertise growth, and a supportive culture can help catapult your career. At Rapid7, our Security Operations Center (SOC) is built specifically to foster these qualities, positioning us not just as industry leaders, but as the premier destination for cybersecurity professionals looking to truly make an impact.
We spoke with three of our expert SOC analysts—Ali Kashmouleh, Jessica Lee, and Rishabh Jain—to hear firsthand what makes the Rapid7 SOC a rewarding place to build your career in cybersecurity. Read on to uncover the three themes that show up when unpacking what it’s like working at the Rapid7 SOC.
Theme 1: Innovation and Growth—Deepening Your Expertise on the Front Lines
For many analysts, traditional SOC roles become repetitive, dealing with the same limited set of alert types daily, which can stagnate growth. Rapid7’s Managed Detection and Response (MDR) service, however, provides unparalleled exposure to the full spectrum of the threat landscape.
Ali Kashmouleh highlights the sheer volume and exposure offered at Rapid7: “The single most important element of working within the Rapid7 SOC is the exposure to the sheer volume and diversity of alerts that I benefit from.”
Unlike a typical internal SOC that might handle 5–10 different alert types repeatedly, analysts at Rapid7 are exposed to “dozens and dozens of different alert types almost every single day,” with each serving as an opportunity to grow and learn. This commitment to growth is visible in career advancement; Ali was able to successfully obtain the GIAC Certified Forensic Analyst (GCFA) certification—the gold standard for the defense side—within his first year, with the support and assistance of his manager and Rapid7 leadership.
Jessica Lee emphasizes the real-world skills developed through this vast exposure: “The day to day work is second to none in exposing you to a range of threat actors or helping to identify true evil.”
Jessica notes that the SOC, by caring for thousands of customers across all industries, sees inside thousands of environments, allowing analysts to observe different methods threat actors use for compromise, lateral movement, and more. A significant skill she refined was her understanding of Initial Access Vectors (IAVs), recognizing how actors find and use varied entry points into networks.
Theme 2: Collaboration—A Non-Siloed, Supportive Battleground
Cybersecurity is high-stakes, but the way a company handles stress and fosters teamwork defines its uniqueness. Rapid7’s SOC culture is intentionally designed to support the analysts who are fighting on the front lines.
Rishabh Jain highlights how the R7 SOC is built around analysts owning their own investigations from start to finish, which is a key differentiator from tiered operational models. However, this ownership doesn't mean isolation.
"When an analyst uncovers complex malicious activity, the team collaborates—sharing experiences, delegating tasks, and shadowing the investigation—to reduce stress and foster learning across the team."
Jessica Lee points to the supportive atmosphere that combats burnout: “Rapid7’s SOC is very teamwork focused.” She explains that there is “no hesitation required” when an analyst needs to ask another for assistance or their opinion.
“Crucially, SOC members are encouraged and expected to take their time off and disconnect when not on shift, reinforcing their importance as a human being, not just an analyst.”
Theme 3: High Impact—Shutting Down the Adversary
The greatest reward in the SOC is knowing your work directly results in customer safety and disruption of threat actor operations. Rapid7 analysts consistently deliver tangible results that demonstrate real-world impact.
Ali Kashmouleh shares a powerful success story: He has personally stopped threat actors in social engineering cases on many occasions, identifying alerts and blocking potential infiltration instances within minutes of suspicious requests. In a testament to the team’s effectiveness, Ali mentions that Rapid7 identified chat logs from a well-known ransomware group, explicitly stating how the Rapid7 SOC is “too much of a nuisance” to them.
"Threat actors are constantly targeting new users with these malicious social engineering requests, and I’m getting these alerts by the minute. It ends up being a battle of who’s quicker, me, or the threat actors. In a lot of these cases, threat actors were simply not quick enough."
Rishabh Jain details the breadth of protection: Working with R7's diverse customer base—ranging from healthcare and finance to technology and education—provides a unique insight into targeted attack vectors and opportunistic attacks common across environments.
Analysts are involved with incidents that span the “full gamut of cyberattacks,” from cloud account takeovers and BECs to zero-days and web server compromises.
This cross-collaboration and exposure means that analysts are constantly learning while ensuring the “collective success of the MDR service” and the safety of customers worldwide.
Grow Your Career Where You Make a Difference
If you have an interest in learning and growing in cybersecurity, joining Rapid7 provides massive exposure to a large set of customers and experiences that serve you and your future career. Our approach—where innovation drives technical growth, collaboration ensures a supportive environment, and analysts own the high-impact investigations—makes the Rapid7 SOC an exhilarating place to be.