Do you enjoy information security research and threat intelligence? Do you have experience tracking nation state and cyber criminal threat actors? Would you like the opportunity to research and report on the latest threats and techniques used by attackers?

Rapid7 Managed Detection and Response operate around-the-clock to identify vulnerabilities, detect breaches, respond and investigate attacker activity, and help our customers improve their ability to deal with threats.

About the team

Rapid7’s Threat Intelligence & Detection Engineering (TIDE) team is built from the ground up to provide our customers with high-fidelity threat detections and alerting that limit threat actor dwell time and impact across our customers' ecosystems. Our TIDE team uses purposeful research, threat intelligence curation, observed malicious behavior, and informed collaboration to ensure that our detections evolve along with the ever-changing threat and technological landscape. 

About the Role
As a Threat Intelligence & Detection Engineer, you will be responsible for the upkeep and evaluation of the detection library for the MDR service. Our team’s mission is to empower excellence in our customer’s security posture by  continuously refining Rapid7’s detection library, enhancing their effectiveness to swiftly identify incidents while reducing analyst strain. Our vision is to lead with an unparalleled, state-of-the-art, and globally recognized detection library to set new standards in cybersecurity. You will collaborate closely with the SOC and Data Science teams to identify patterns of activity to improve detections, assist with the creation of new data models, and constantly update the collective understanding of threats. 

In addition, you will learn from IR engagements, SOC incidents, and a variety of other sources and apply that knowledge to inform new detections for use across our customer base. You won't be alone in this endeavor, and your TIDE colleagues will be there to answer questions, provide guidance, and assist you as you develop. Specifically, your focus will be to: 

• Utilize Rapid7’s world-class software and threat intelligence to improve the current InsightIDR detection library.

• Collaborate closely with SOC Analysts, the Data Science team, Incident Response (IR) Consultants, Customer Advisors, and security researchers.

• Assist in researching of attacker behaviors and techniques using information gathered from IR engagements, minor incidents and malicious activity discovered through various telemetry sources. 

• Conduct detection testing in a controlled environment.

• Use a variety of skills to build rules that detect evil across network, endpoint and cloud services.

The skills and qualities you’ll bring include:

• 3+ years as a SOC Analyst/Incident Responder/Offensive security practice experience OR 2+ years of cyber threat intelligence/research/detection engineering experience.

• A solid understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.

• Experience with hands-on analysis of forensic artifacts and/or malware samples.

• Experience writing standard EDR detections (Sentinel One/Crowdstrike/Defender), advanced search/threat hunting queries, or use case rules (Splunk or equivalent tool).

• Ability to research, analyze, and interpret threat intelligence data from various sources and translate the information into actionable detection rules

• Strong writing and verbal skills for communicating information in a manner that is easily understood by both technical and non-technical individuals

• Effective collaboration between different teams.

• Innovative problem solving mindset.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. 

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.
#LI-SIM