Rapid7 Detection & Response Analyst - MDR 

Australia, Victoria, Melbourne 

514051015

About the Role

Most days for an MDR Analyst will consist of reviewing alert data to identify malicious activity in customer environments. In this role you will be empowered to steer investigations, which includes everything from evidence acquisition and analysis to figuring out how the intrusion began to identify any malicious or unexpected activity related to the event. Based on this investigation you will be responsible for writing a Findings Report which includes your technical analysis, documented findings, and remediation recommendations for customers.

Your colleague, a Customer Advisor, will be responsible for direct communication with the customer. You will have fellow analysts who will be ready to help you if you encounter a problem or have a question, including Senior and Lead Analysts.

In addition to live response, the MDR SOC also performs threat hunting on a monthly basis. Threat hunting is performed in an effort to identify unknown threats in a customer environment. In the event of a security incident that rises to the level of a Remote Incident Response engagement, you may be tasked with performing investigation tasks related to the investigation. In this circumstance you will focus on helping a team track threat actor actions across an environment by examining forensic artifacts.

In this role, you will:

• Utilize Rapid7's world-class software and threat intelligence to identify potential compromises in customer environments as necessary.

• Conduct investigations into a variety of malicious activity on workstations, servers, and in the cloud. You will investigate all levels of incidents, including Incident Response engagements in which you will provide analysis assistance to Rapid7's Incident Response team.

• Write Incident Reports for each minor incident investigation you complete, which follow MITRE's ATT&CK Framework and include your own forensic, malware, and root-cause analysis.

• Communicate with Customer Advisors regarding investigation findings, Requests For Information from clients, and remediation and mitigation recommendations.

• Communicate with other analysts to share new intelligence regarding tactics, techniques, and trends utilised by threat actors.

• Provide continuous input to Rapid7's Threat Intelligence and Detection Engineering team regarding new detection opportunities.

• Assist in customer engagement opportunities pertaining to the function of your role in the MDR service as necessary.

The skills you’ll bring include:

• Minimum 2 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)

• Understanding of core operating system concepts in Windows, MacOS/Darwin, and Linux.

• This includes at least a basic understanding of common internal system tools and directory structures

• An understanding of investigative methodology and the incident response lifecycle, cyber killchain, etc:

  • Knowing what questions to ask to begin an investigation and, regardless of tech stack, have an idea of where to look to answer them.

  • A fundamental understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration

• Willingness to work on a shift schedule, including evenings and a Saturday or Sunday

  • The Rapid7 MDR SOC has a shift rotation which requires analysts to work a 4:3 10 hour shift schedule after a 90 day onboarding and training period. The shifts are from Sunday-Wednesday and Wednesday-Saturday.

• Practical experience gained through CTF and HTB challenges, as well as personal or professional usage of common penetration testing tools such as Mimikatz, Metasploit modules, BloodHound, etc.

• Experience with hands-on analysis of forensic artifacts and/or malware samples

• Passion for cybersecurity and for continuous learning and growth

• Problem solving, critical thinking, ingenuity

• A keen curiosity and excitement to learn

• Effective communication skills to allow for cross-functional collaboration within the SOC and between departments

• Dedication to putting each customer’s needs and concerns at the forefront of all decision making.