Rapid7 Senior Detection Operations Engineer 

United States, Virginia, Arlington 

927181484

About the Role

In addition, you will learn from IR engagements, SOC incidents, and a variety of other sources and apply that knowledge to inform new detections for use across our customer base, while assisting more junior teammates.

In this role, you will:

• Utilize Rapid7’s world-class software and threat intelligence to evaluate and improve the current InsightIDR detection library, including coordinating third-party integration projects.

• Collaborate closely with SOC Analysts, the Data Science team, Incident Response (IR) Consultants, Customer Advisors, and security researchers.

• Conduct research on attacker behaviors and techniques using information gathered from IR engagements, other incidents and malicious activity discovered through various telemetry sources.

• Conduct detection testing in a controlled environment.

• Collaborate with Rapid7’s Emergent Threat Response (ETR) team to ensure Rapid7 has detection coverage during large scale exploitation of vulnerabilities from recently disclosed zero days or CVEs.

• Utilize expert level skills in multiple security domains to build rules that detect or prevent evil across network, endpoint and cloud services.

The skills you’ll bring include:

• 5+ years as a SOC Analyst/Incident Responder/Offensive security practice experience OR 4+ years of cyber threat intelligence/research/detection engineering experience.

• Experience using industry Threat Intelligence Platforms.

• Experience writing detections using different frameworks such as SIGMA, YARA, REGEX, Suricata, Snort, JSON or LEQL

• Thorough experience with hands-on analysis of forensic artifacts and/or malware samples

• Understanding of how attacker behavior looks within different log sets and being able to translate the behavior into actionable detections focused on attacker behavior rather than just Indicators of Compromise (IOCs).

• Ability to research, analyze, and interpret threat intelligence data from various sources and translate the information into actionable detection rules

• A thorough understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.

• Experience writing standard EDR detections (Sentinel One/Crowdstrike/Defender) or use case rules (Splunk or equivalent tool).

• Strong writing and verbal skills for communicating information in a manner that is easily understood by both technical and non-technical individuals

• Effective collaboration between different teams.

• Innovative problem solving mindset.