Detection Response Analyst MDR

Rapid7s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats practical challenges and evil at scale.

Our MDR service uses an impactdriven mindset to focus efforts on effective solutions encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring threat hunting incident response and more with a focus on endpoint detection and behavioral intelligence.

About the Team
Rapid7 MDRs Tactical Operations team (TACOPS) is responsible for handling the most timecritical tasks for all customers such as the investigation and triage of high priority security alerts using our cloud hosted SIEM InsightIDR. While many SOC analysts forward alerts that require additional analysis to other teams at Rapid7 MDR you will typically conduct an investigation beginning from alert triage through to Incident Report delivery.

You will be enabled to complete investigations that can scale in complexity from simple account compromises and commodity malware infections to complex web server compromises and zeroday vulnerability exploitation. Your primary trigger for such investigations will be from reviewing alert data though youll investigate inbound customer requests as well. However your Customer Advisor colleagues will be largely responsible for direct communication with the customers enabling you to dedicate your efforts to investigation and analysis.

About the Role

While you will own your investigations you arent expected to know everything! Youll even likely come across a lot of data youre not familiar with throughout your time in this role and taking on these investigations is one of the best ways to learn. If you need help your team lead will ensure youre able to get the information you need and your analyst colleagues are available to answer questions too. Additionally your team lead will assist you with learning how to prioritize and balance your time between alert triage and inflight investigations to ensure the best customer outcomes possible.

In the event of a security incident that escalates to Rapid7 MDRs inhouse Incident Responders you may be tasked with performing investigative tasks related to the Incident Response engagement. The Incident Manager will lead the engagement and give you tasks within the scope of your normal job duties to analyze realtime log data or forensic artifacts.

Your team lead will guide your development in this role and assist you with moving down your career path. As you grow in your role the Rapid7 MDR SOC provides career paths to grow as a SOC analyst Incident Responder Threat Hunter and more.

In this role you will work on one of the following shift schedules:

Shift B: WednesdaySaturday from 10am8pm ET

Rapid7 requires its TACOPS analysts to work two of their four days on shift in office with one of those days being Wednesday for shift changeover.

In this role you will:

• Utilize Rapid7s worldclass software and threat intelligence to identify potential compromises in customer environments

• Conduct investigations into a variety of malicious activity on workstations servers and in the cloud

  • These investigations include conducting analysis of log data collected by our worldclass SIEM and forensic artifacts acquired from affected endpoints

• Provide timely communication of investigation findings to Customer Advisors in order to provide Rapid7s customers with the information they need to remediate the current incident and prevent future ones from occurring

• Prepare Incident Reports for each investigation you complete which follows MITREs ATT&CK Framework and includes your own forensic malware and rootcause analysis

• Communicate with other analysts to share new intelligence regarding tactics techniques and trends utilized by threat actors

• Interface with our global SOCs to facilitate investigation and shift handoffs

• Provide continuous input to Rapid7s Threat Intelligence and Detection Engineering team regarding new detection opportunities

The skills youll bring include:

• 24 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)

• Understanding of core operating system concepts in Windows MacOS/Darwin and Linux.

  • This includes at least a basic understanding of common internal system tools and directory structures

• An understanding of investigative methodology and the incident response lifecycle cyber killchain etc:

  • Knowing what questions to ask to begin an investigation and regardless of tech stack have an idea of where to look to answer them.

  • A fundamental understanding of how threat actors utilize tactics such as lateral movement privilege escalation defense evasion persistence command and control and exfiltration

• Willingness to work on a shift schedule including evenings and a Saturday or Sunday

  • The Rapid7 MDR SOC has a shift rotation which requires analysts to work a 4:3 10 hour shift schedule after a 90 day onboarding and training period. The shifts are from SundayWednesday and WednesdaySaturday.

• Practical experience gained through CTF and HTB challenges as well as personal or professional usage of common penetration testing tools such as Mimikatz Metasploit modules BloodHound etc.

• Experience with handson analysis of forensic artifacts and/or malware samples

• Passion for cybersecurity and for continuous learning and growth

• Problem solving critical thinking ingenuity

• A keen curiosity and excitement to learn

• Effective communication skills to allow for crossfunctional collaboration within the SOC and between departments

• Dedication to putting each customers needs and concerns at the forefront of all decision making.

We know that the best ideas and solutions come from multidimensional teams. Thats because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact please dont be shy apply today.

About Rapid7
At Rapid7 we are on a mission to create a secure digital world for our customers our industry and our communities. We do this by embracing tenacity passion and collaboration to challenge whats possible and drive extraordinary impact.

Here were building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10000 global customers ahead of whatevers next.

Join us and bring your unique experiences and perspectives to tackle some of the worlds biggest security challenges.

#LIPB1