Threat Hunter - MDR
AUS Melbourne
Rapid7
Level up SecOps with the only endpoint to cloud, unified cybersecurity platform. Confidently act to prevent breaches with a leading MDR partner. Request demo!The Rapid7 Managed Services Threat Hunting team is responsible for performing proactive, hypothesis-driven threat hunts across all Managed Detection and Response (MDR) customers to identify emerging cyber threats and malicious activity on networks and systems.
The Threat Hunter will work proactively to uncover malicious activity that may have been missed by traditional security measures, and will develop strategies to mitigate current and future threats. This role leverages internal and open source tools to accomplish threat hunting at scale. The Threat Hunting team is also responsible for coordinating closely with Rapid7’s Emergent Threat Response (ETR) program and working closely with related cross-functional teams.
About the Team
Rapid7’s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale.
Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.
About the Role
Rapid7’s Threat Hunters are tenacious individuals who enjoy analyzing threats and trends, both novel and tried-and-true, and using their heads to craft hypotheses that lead them on the hunt for the proverbial needle-in-a-haystack.
The day-to-day of a Threat Hunter may include conducting research on threat actor Tactics, Techniques, and Procedures (TTPs), determining what types of activities may be worthy of hunting for, and formulating the best method by which to dig through customers’ data in order to identify evidence of said TTPs; or, in the case of the swell-up of events qualifying for Rapid7’s Emergent Threat Response, assisting teams across Rapid7 in identifying ways to search for and notify customers of the next big evil thing that could be sitting right on their doorstep, waiting to pounce. Hunters may derive hypotheses that are worthy of conducting broad-scale hunts across the entire MDR customer base, or they may target specific customer environments or industry verticals to sniff out compromises new or old.
Threat Hunters pay close attention to the activities observed in Incident Response engagements, identifying TTPs and Indicators of Compromise/Attack (IOCs/IOAs) that may be worth searching for in other customer environments, and glean insights from the Threat Intelligence and Detection Engineering (TIDE) team’s latest and greatest detections to help craft hypotheticals potentially worthy of the hunt. Threat Hunters also have the unique opportunity to work directly with the minds behind Rapid7’s industry-leading open-source DFIR tool, Velociraptor, crafting new hunt packages and contributing directly back to the cybersecurity community.
In this role, you will:
Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization
Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers
Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction
Help document and improve hunting processes, tools, and capabilities
Develop new Velociraptor hunt packages based on research and findings
Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities
Provide timely reporting and feedback to stakeholders
When applicable, publish threat hunting topics to the Rapid7 blog
The skills you’ll bring include:
2+ years in a DFIR role, primarily focused on endpoint forensics
Broad knowledge of threat actor groups and their TTPs
Experience with SIEM platforms and querying/analyzing large data sets
Ability to work with minimal oversight and prioritize efficiently
Strong analytical and research skills
Ability to think creatively and intuitively
Differentiators:
SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)
Experience conducting targeted threat hunting
LEQL experience
Experience with Velociraptor
AWS Athena familiarity
Experience with the InsightIDR SIEM/XDR platform
Coding, engineering, and/or development experience
Data science and/or AI experience
We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
About Rapid7
At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.
Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever’s next.
Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.
#LI-PB1
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS DFIR Forensics GCFA Incident response Monitoring Open Source SANS SIEM SOC Threat intelligence TTPs XDR
Perks/benefits: Career development Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.