Incident Handler

• As a core duty you will conduct investigations into a variety of malicious activity on workstations servers and in the cloud. You will investigate all levels of incidents including Incident Response engagements in which you will provide analysis assistance to Rapid7's Incident Responders including scoping timeline analysis finding IAV and helping update documents as needed.
• Own complex investigations that may need various levels of delegation customer communication documentation and collaboration across teams.
• Be an escalation point for complex and advanced incidents.
• Communicate with Cybersecurity Advisors regarding investigation findings Requests For Information from clients and remediation and mitigation recommendations.
• Directly communicate with customers regarding investigation findings or to assist in driving an investigation forward as needed.
• Prepare Incident Reports for each minor incident investigation you complete which follow MITRE's ATT&CK Framework and include your own forensic malware and root-cause analysis.
• Communicate with other analysts to share new intelligence regarding tactics techniques and trends utilized by threat actors.
• Provide continuous input to Rapid7's Threat Intelligence and Detection Engineering team regarding new detection opportunities.
• Assist in customer engagement opportunities pertaining to the function of your role in the MDR service as necessary.
• Participate in projects that directly relate to your role in an effort to increase positive customer outcomes.
• Utilize Rapid7's world-class software to triage and investigate alerts to identify potential compromises in customer environments as necessary.

• 3-4 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)
• Dedication to putting each customer's needs and concerns at the forefront of all decision making.
• Understanding of core operating system concepts in Windows MacOS/Darwin and Linux. This includes at least an understanding of common internal system tools and directory structures.
• Proficiency with analyzing forensic artifacts to determine root cause analysis in investigation
  
  • Windows largely preferred but bonus points for experience with Linux AWS Azure and GCP)
• A fundamental understanding of how threat actors utilize tactics such as lateral movement privilege escalation defense evasion persistence command and control and exfiltration.
• Effective verbal communication skills that foster collaboration between the MDR SOC and the Incident Response team; this role serves as the bridge between our major service delivery functions.
• Strong written communication skills
• Some experience with static and dynamic malware analysis.
• Passion for continuous learning and growth in the cybersecurity world.

What We Do

At Rapid7 our vision is to create a secure digital world for our customers our industry and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity we’re ready to help you take command of your career. Join us.

Why Work With Us

With our products research and open source communities we’re building a secure digital future for everyone. This means constantly learning and evolving in an industry that’s anything but stagnant. You’ll be faced with tough challenges and given the support to find creative solutions that drive our business and your career forward.

Gallery