Do you enjoy being in the fight, investigating unusual activity, tearing apart malware, and chasing attackers in realtime? Do you pride yourself on developing methods for identifying and analyzing breaches? Do you feel compelled to help organizations improve their abilities to effectively detect threats and drive incident response? 

About the team

Rapid7's Detection & Response Services  team offers the opportunity to respond to active incidents, uncover previously unidentified breaches, and work with clients to simulate full-scale incidents in their own environments. Our Incident Responders pride themselves on their ability to think critically, adapt to constantly changing attack methodologies, deliver top-notch Incident Response services, and help our customers improve their programs. 

About the role

Rapid7 Incident Responders split their time between reactive breach response cases - supporting Rapid7 customers, and others, in their greatest time of need, and proactive customer engagements - delivering threat hunting and detection & response exercises with our customers’ dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented experts to thrive in a reactive Incident Response setting. Incident Responders help to impact the direction of Rapid7’s Products and Services.

In this role, you will:

• Be responsible for the daily oversight and consistent delivery of multiple proactive and reactive incident response service engagements

• Provide expert guidance and support to Incident Responders and Customer Advisors, delivering timely and constructive performance feedback, and serving as an escalation point during engagements

• Focus on technical and procedural service delivery improvements through a variety of initiatives that may include a variety of development, engineering, training, and enablement responsibilities

• Proactively maintain awareness of, and educate internal teams on, the latest attacker TTPs and the appropriate response techniques required to properly investigate them.

• Execute on responsibilities as part of Rapid7’s Emergent Threat Response program

• Scope prospective proactive and reactive incident response service engagements

• Participate in pre-sales conversations with prospective customers, Sales enablement sessions, and other methods of driving business in your respective region

• Liaison with external legal counsel, cyber insurance carriers, and other third party resources to ensure customer expectations are met 

• Lead and assist with incident response engagements, as necessary 

The skills you’ll bring include:

• 3-5+ years of hands-on incident response experience, including leading and conducting technical incident response investigations

• Extensive experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools

• Strong technical experience in four of the six areas below 

  • Incident Management

  • Host forensics (Windows / Mac / Linux)

  • Network traffic analysis

  • Log Review

  • Malware triage

  • Cloud technologies, including AWS, Azure, and GCP

• Ability to build relationships with, and understand business needs of, customers and deliver demonstrable value 

• Outstanding verbal and written communication skills, in particular the ability to effectively communicate investigation findings and associated mitigation and remediation actions to technical and non-technical audiences, including executive leadership and legal counsel

• Proven ability to provide leadership to junior team members through job shadowing and mentoring

• Highly self-motivated and self-directed, outstanding time management and prioritization skills

• Willingness to participate in an on-call rotation that may include evening/weekend work, as required

• Relevant industry certifications, such as, but not limited to: GCIA, GCIH, GDAT, GCFE, and GFCA 

About Rapid7
Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.

With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

#LI-CG1