MDR Analyst

Rapid7•Arlington, TX

About The Position

Detection & Response Analyst We are looking for people with a passion for investigation and forensic analysis to join our MDR SOC team at Rapid7. As a Detection & Response Analyst, you will utilize Rapid7’s advanced tools to investigate and triage security events and work side-by-side Rapid7’s Incident Response Consultants to investigate incidents ranging from commodity malware to sophisticated threat actors. About the Team Rapid7’s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale. Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence. About the Role As a Detection and Response Analyst in Rapid7’s SOC, you will be responsible for identifying and analyzing malicious activity in a multitude of customer environments. You will be enabled to complete investigations scaling in complexity from account compromises and commodity malware infections, to complex web server compromises and zero-day vulnerability exploitation. Your Customer Advisor colleagues will be responsible for direct communication with the customers, enabling you to dedicate your efforts to analysis. Your team will be available to answer questions, provide guidance, and assist you in investigations, if needed. In this role, you will:

Requirements

1-2 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)
Understanding of core operating system concepts in Windows, MacOS/Darwin, and Linux. This includes at least an understanding of common internal system tools and directory structures.
A fundamental understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.
Practical experience gained through CTF and HTB challenges, as well as personal or professional usage of common penetration testing tools such as Mimikatz, Metasploit modules, BloodHound, etc.
Experience with hands-on analysis of forensic artifacts and/or malware samples.
Passion for continuous learning and growth in the cybersecurity world.
Effective collaboration within the SOC and between departments.
Dedication to putting each customer’s needs and concerns at the forefront of all decision making.

Responsibilities

Utilize Rapid7’s world-class software and threat intelligence to identify potential compromises in customer environments as necessary.
Conduct investigations into a variety of malicious activity on workstations, servers, and in the cloud. You will investigate all levels of incidents, including Incident Response engagements in which you will provide analysis assistance to Rapid7’s Incident Response Consultants.
Write Incident Reports for each minor incident investigation you complete, which follow MITRE’s ATT&CK Framework and include your own forensic, malware, and root-cause analysis.
Communicate with Customer Advisors regarding investigation findings, Requests For Information from clients, and remediation and mitigation recommendations.
Communicate with other analysts to share new intelligence regarding tactics, techniques, and trends utilized by threat actors.
Provide continuous input to Rapid7’s Threat Intelligence and Detection Engineering team regarding new detection opportunities.
Assist in customer engagement opportunities pertaining to the function of your role in the MDR service as necessary.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume