Rapid7 Detection & Response Analyst 

United States, Virginia, Arlington 

798364427

About the Role

You will be enabled to complete investigations that can scale in complexity from simple account compromises and commodity malware infections to complex web server compromises and zero-day vulnerability exploitation. Your primary trigger for such investigations will be from reviewing alert data, though you’ll investigate inbound customer requests, as well. However, your Customer Advisor colleagues will be largely responsible for direct communication with the customers, enabling you to dedicate your efforts to investigation and analysis.

While you will own your investigations, you aren’t expected to know everything! You’ll even likely come across a lot of data you’re not familiar with throughout your time in this role, and taking on these investigations is one of the best ways to learn. If you need help, your team lead will ensure you’re able to get the information you need, and your analyst colleagues are available to answer questions, too. Additionally, your team lead will assist you with learning how to prioritize and balance your time between alert triage and in-flight investigations to ensure the best customer outcomes possible.

In this role, you will work on one of the following shift schedules:

Shift B:Wednesday-Saturday from 10am-8pm ET

Rapid7 requires its TACOPS analysts to work two of their four days on shift in office, with one of those days being Wednesday for shift changeover.

In this role, you will:

• Utilize Rapid7’s world-class software and threat intelligence to identify potential compromises in customer environments

• Conduct investigations into a variety of malicious activity on workstations, servers, and in the cloud

  • These investigations include conducting analysis of log data collected by our world-class SIEM and forensic artifacts acquired from affected endpoints

• Provide timely communication of investigation findings to Customer Advisors in order to provide Rapid7’s customers with the information they need to remediate the current incident and prevent future ones from occurring

• Prepare Incident Reports for each investigation you complete, which follows MITRE’s ATT&CK Framework and includes your own forensic, malware, and root-cause analysis

• Communicate with other analysts to share new intelligence regarding tactics, techniques, and trends utilized by threat actors

• Interface with our global SOCs to facilitate investigation and shift handoffs

• Provide continuous input to Rapid7’s Threat Intelligence and Detection Engineering team regarding new detection opportunities

The skills you’ll bring include:

• 1-2 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)

• Understanding of core operating system concepts in Windows, MacOS/Darwin, and Linux.

  • This includes at least a basic understanding of common internal system tools and directory structures

• An understanding of investigative methodology and the incident response lifecycle, cyber killchain, etc:

  • Knowing what questions to ask to begin an investigation and, regardless of tech stack, have an idea of where to look to answer them.

  • A fundamental understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration

• Willingness to work on a shift schedule, including evenings and a Saturday or Sunday

  • The Rapid7 MDR SOC has a shift rotation which requires analysts to work a 4:3 10 hour shift schedule after a 90 day onboarding and training period. The shifts are from Sunday-Wednesday and Wednesday-Saturday.

• Practical experience gained through CTF and HTB challenges, as well as personal or professional usage of common penetration testing tools such as Mimikatz, Metasploit modules, BloodHound, etc.

• Experience with hands-on analysis of forensic artifacts and/or malware samples

• Passion for cybersecurity and for continuous learning and growth

• Problem solving, critical thinking, ingenuity

• A keen curiosity and excitement to learn

• Effective communication skills to allow for cross-functional collaboration within the SOC and between departments

• Dedication to putting each customer’s needs and concerns at the forefront of all decision making.