Rapid7 Associate Detection & Response Analyst 

United States, Virginia, Arlington 

256451037

About the Role

Most days for Associate Analysts will consist of reviewing alert data to identify evil activity in customer environments. In these roles you will be empowered to steer investigations. Investigations include everything from evidence acquisition and analysis to figure out how the intrusion began to identify any malicious or unexpected activity related to the event. Based on this investigation you will be responsible for writing an incident report which includes your technical analysts, documented findings and remediation recommendations for customers. Your colleague, a Customer Advisor, will be responsible for direct communication with the customer. You will have fellow analysts who will be ready to help you if you encounter a problem or have a question, including Mid, Senior and Lead Analysts. In addition to live response, in the event of a security incident that rises to the level of a Remote Incident Response engagement, Associate Analysts may be tasked with performing investigation tasks related to the investigation. In this circumstance you will focus on helping a team track threat actor actions across an environment by examining forensic artifacts.

To watch an Associate Analyst in action, check out this webinar:

In this role, you will:

• Deliver world-class threat detection services using traditional threat intelligence-based detection and user behavior analytics

• Conduct or assist with Rapid7 incident response investigations.

• Assist in capturing and deploying knowledge of attack methodologies

• Provide continuous input to Rapid7 product development teams

The skills you’ll bring include:

• A passion for cybersecurity

• Problem solving, critical thinking, and ingenuity.

• A keen curiosity and excitement to learn

• Willingness to work on a shift schedule, including evenings and a Saturday or Sunday

• The Rapid7 MDR SOC has a shift rotation which requires associate analysts to work a 4:3 schedule from 10 AM - 8 PM after a 90 day onboarding and training period. The shifts are from Sunday-Wednesday and Wednesday-Saturday.

• Knowledge of Windows, Linux operating systems

• Fundamental knowledge of security concepts (lateral movement, privilege escalation, persistence methods, command and control, exfiltration, etc.)

• Security Certifications (GFACT, GSEC, GCIA, GCIH, CySA+, CASP+, Security+, etc.)

• Scripting/coding ability

• Participation in CTF events

• Participation in red team/blue team training tools such as HackTheBox, TryHackMe, and LetsDefend

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever’s next.