Do you enjoy being in the fight, investigating unusual activity, tearing apart malware, and chasing attackers in real time? Do you pride yourself on developing methods for identifying and analyzing breaches? Do you feel compelled to help organizations improve their abilities to effectively detect threats and drive incident response?
About the team
Rapid7's Detection & Response Services team offers the opportunity to respond to active incidents, uncover previously unidentified breaches, and work with clients to simulate full-scale incidents in their own environments. Our Incident Responders pride themselves on their ability to think critically, adapt to constantly changing attack methodologies, deliver top-notch Incident Response services, and help our customers improve their programs.
About the role
Rapid7 Incident Responders split their time between reactive breach response cases - supporting Rapid7 customers, and others, in their greatest time of need, and proactive customer engagements - delivering threat hunting and detection & response exercises with our customers’ dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented experts to thrive in a reactive Incident Response setting. Incident Responders help to impact the direction of Rapid7’s Products and Services.
In this role, you will:
Be responsible for the daily oversight and consistent delivery of multiple proactive and reactive incident response service engagements
Provide expert guidance and support to Incident Responders and Customer Advisors, delivering timely and constructive performance feedback, and serving as an escalation point during engagements
Focus on technical and procedural service delivery improvements through initiatives that may include development, engineering, training, and enablement responsibilities
Proactively maintain awareness of, and educate internal teams on, the latest attacker TTPs and the appropriate response techniques required to properly investigate them
Execute on responsibilities as part of Rapid7’s Emergent Threat Response program
Scope prospective proactive and reactive incident response service engagements
Participate in pre-sales conversations with prospective customers, Sales enablement sessions, and other methods of driving business in your respective region
Liaise with external legal counsel, cyber insurance carriers, and other third-party resources to ensure customer expectations are met
Lead and assist with incident response engagements, as necessary
The skills you’ll bring include:
3-5+ years of hands-on incident response experience, including leading and conducting technical incident response investigations
Extensive experience in enterprise security and in how various technologies, including EDR, SIEM, Velociraptor, OSQuery, and other tools, work together to increase threat detection and streamline incident response
Strong technical experience in four of the six areas below
Incident Management
Host forensics (Windows / Mac / Linux)
Network traffic analysis
Log Review
Malware triage
Cloud technologies, including AWS, Azure, and GCP
Ability to build relationships with, and understand business needs of, customers and deliver demonstrable value
Outstanding verbal and written communication skills, in particular the ability to effectively communicate investigation findings and associated mitigation and remediation actions to technical and non-technical audiences, including executive leadership and legal counsel
Proven ability to provide leadership to junior team members through job shadowing and mentoring
Highly self-motivated and self-directed, outstanding time management and prioritization skills
Willingness to participate in an on-call rotation that may include evening/weekend work, as required
Relevant industry certifications, such as, but not limited to: GCIA, GCIH, GDAT, GCFE, and GCFA
About Rapid7
Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.
With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.