Rapid7 Threat Hunter - MDR 

Australia, Victoria, Melbourne 

610095367

Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

In this role, you will:

• Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization

• Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers

• Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction

• Help document and improve hunting processes, tools, and capabilities

• Develop new Velociraptor hunt packages based on research and findings

• Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities

• Provide timely reporting and feedback to stakeholders

• When applicable, publish threat hunting topics to the Rapid7 blog

The skills you’ll bring include:

• 2+ years in a DFIR role, primarily focused on endpoint forensics

• Broad knowledge of threat actor groups and their TTPs

• Experience with SIEM platforms and querying/analyzing large data sets

• Ability to work with minimal oversight and prioritize efficiently

• Strong analytical and research skills

• Ability to think creatively and intuitively

Differentiators:

• SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)

• Experience conducting targeted threat hunting

• LEQL experience

• Experience with Velociraptor

• AWS Athena familiarity

• Experience with the InsightIDR SIEM/XDR platform

• Coding, engineering, and/or development experience

• Data science and/or AI experience