Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.
In this role, you will:
Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization
Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers
Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction
Help document and improve hunting processes, tools, and capabilities
Develop new Velociraptor hunt packages based on research and findings
Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities
Provide timely reporting and feedback to stakeholders
When applicable, publish threat hunting topics to the Rapid7 blog
The skills you’ll bring include:
2+ years in a DFIR role, primarily focused on endpoint forensics
Broad knowledge of threat actor groups and their TTPs
Experience with SIEM platforms and querying/analyzing large data sets
Ability to work with minimal oversight and prioritize efficiently
Strong analytical and research skills
Ability to think creatively and intuitively
Differentiators:
SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)
Experience conducting targeted threat hunting
LEQL experience
Experience with Velociraptor
AWS Athena familiarity
Experience with the InsightIDR SIEM/XDR platform
Coding, engineering, and/or development experience
Data science and/or AI experience