Expoint - all jobs in one place

המקום בו המומחים והחברות הטובות ביותר נפגשים

Limitless High-tech career opportunities - Expoint

Rapid7 Threat Hunter - MDR 
Australia, Victoria, Melbourne 
610095367

22.09.2024

Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.


In this role, you will:

  • Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization

  • Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers

  • Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction

  • Help document and improve hunting processes, tools, and capabilities

  • Develop new Velociraptor hunt packages based on research and findings

  • Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities

  • Provide timely reporting and feedback to stakeholders

  • When applicable, publish threat hunting topics to the Rapid7 blog

The skills you’ll bring include:

  • 2+ years in a DFIR role, primarily focused on endpoint forensics

  • Broad knowledge of threat actor groups and their TTPs

  • Experience with SIEM platforms and querying/analyzing large data sets

  • Ability to work with minimal oversight and prioritize efficiently

  • Strong analytical and research skills

  • Ability to think creatively and intuitively

Differentiators:

  • SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)

  • Experience conducting targeted threat hunting

  • LEQL experience

  • Experience with Velociraptor

  • AWS Athena familiarity

  • Experience with the InsightIDR SIEM/XDR platform

  • Coding, engineering, and/or development experience

  • Data science and/or AI experience