Incident Response Conulstant

Incident Responder

The Rapid7 Incident Responder is a hands-on, technical role focused on digital forensics and incident response that offers various customer-facing and consulting opportunities. In addition to MDR, retainer, and off-the-street incident escalations, the Incident Responder would assist in the delivery of all other existing incident response services, including proactive engagements and future on-demand offerings. 

About the Team

The Rapid7 Incident Response team is considered the tip of the spear within Rapid7's Detection & Response practice. This team is primarily responsible for ensuring 24/7 breach response coverage for Rapid7's MDR and retainer customers to ensure they have Rapid7’s unwavering support in their greatest times of need. All services are delivered using Rapid7's existing portfolio of detection and response solutions, such as Rapid7 InsightIDR and Velociraptor. The experiences gained by the members of this Managed Services team directly inform Rapid7's Product organization, driving continuous improvement of Rapid7 products for both Managed and standalone customers.

About the Role

Embedded within the Rapid7 MDR SOC pods, the Incident Responder’s responsibilities in this role would primarily include incident handling, timeline analysis, threat hunting/analysis, and delivering customer communications as needed. Incident Responders will be called upon to manage major incident response engagements as needed, with oversight from Lead Incident Responders. Additionally, a percentage of time would be focused on conducting continuous incident response research and service enablement through the improvement of internal process, procedures, and methodologies used to deliver incident response services.

In this role, you will:

• Deliver world-class incident response services, leading customer engagements utilizing Rapid7 technologies like InsightIDR and Velociraptor

• Assist with proactive threat hunting and compromise assessments of complex environments

• Assist with incident simulations, helping clients assess their ability to respond to major threats within their existing toolsets

• Advise clients on security best practices and attack mitigation strategies using enterprise security controls

• Assist in capturing and deploying knowledge of latest attacker methodologies 

• Advise MDR analysts on minor incident investigations

The skills you’ll bring include:

• 1-2 years of hands-on incident response experience, including conducting technical incident response investigations and forensic analysis

• Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools

• Strong technical experience in two of the five areas below 

  • Host forensics (Windows / Mac / Linux)

  • Network traffic analysis

  • Log Review

  • Malware triage

  • Cloud technologies, including AWS, Azure, and GCP

• Strong verbal and written communication skills, in particular the ability to effectively communicate investigation findings and associated mitigation and remediation actions to technical and non-technical audiences, including executive leadership and legal counsel

• Ability to build relationships with, and understand business needs of, customers and deliver demonstrable value 

• Demonstrable ability to provide leadership to junior team members through job shadowing and mentoring

• Outstanding time management and prioritization skills

• Willingness to participate in an on-call rotation that may include evening/weekend work, as required

• Relevant industry certifications, such as, but not limited to: GCIA, GCIH, GDAT, GCFE, and GFCA 

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.
 

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever’s next.
 

Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.

#LI-JM2
#LI-REMOTE

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.