Location: Arlington, VA (Potential consideration for Dublin or Melbourne, Australia)
Team: Managed Services
Have you worked in or with a SOC before and found significant success solving team-wide problems via writing scripts and/or standing up infrastructure? Have you developed in a fast-paced DevOps style manner that knows how to solve for today and iterate to perfection? Can you derive, and help others derive, meaning from mangled and obfuscated data (i.e. parse and display forensic artifacts, obfuscated PowerShell, Raw hex, Base64, Rot13)? If given API access, can you ruthlessly interrogate it to derive valuable information?
Rapid7 is looking for security practitioners with engineering skills, or engineers/coding professionals with information security skills, to support Rapid7's Managed Services teams (MDR, IR, TIDE, MAS, MVM, etc.).
This role is looking for someone who lives for the development of fast and practical tools and applications that solve the SOC problems of today, plan for the SOC problems of tomorrow, and act as a true force multiplier for front-line security practitioners (24x7 SOC analysts, threat hunters, IR consultants). Your ability to successfully carry out the core functions of this role will require strong communication skills, a high ops-tempo, and an unwavering sense of self-accountability.
Take initiative in making the hunt for evil less taxing on the SOC.
Maintain a strong sense of urgency and integrity in your work.
There is an expectation for continuous progress and "picking up a shovel." Always work smarter, it's not just code: fix inadequate processes, teach, present, etc.
We can train you to communicate solutions and outcomes cleanly and clearly, but we don't promote "salesmanship" in technical work.
Perform research and enhance skills to solve the underlying problems vs. closing tickets “to spec”.
Even if you haven't implemented it yourself before, the expectation for this hire is to understand when and why people choose the following:
Terraform vs. CloudFormation
SQS vs. CloudTrail triggers for Batch vs. Lambda
Postgres vs. Mongo vs. Elastic
Whonix vs. Cuckoo vs. SIFT.
Aligned to the SOC's needs
Data Analysis: Pandas, PostgreSQL, MongoDB, Elastic, and any AWS corollaries
Data Delivery: DBs/Forensic Artifacts/etc <-> JSON, CSVs, Datatables
Data Accessibility: API-first, scripts/CLI tools, web apps, controlled cloud access (AWS)
Data Relevance: what data the SOC needs, why they want it, and how they need it
Deploying at a high cadence (DevOps):
CI/CD: GitHub -> Jenkins (Chef, SaltStack, Ansible, Puppet experience also works)
IaC: Terraform (CloudFormation, etc. also works)
Several deployments per person, per week
Programmatic testing: unit tests
Functional testing: locally with Docker instances and dev environments
Live: you're not done after a prod deploy. Log monitoring & rotating on-call. Think SRE.
Shared working spaces
Flexible work hours
Work from home flexibility (case by case basis)
Weekly learning sessions on voted topics regarding ongoing attacker campaigns and new tech.
Spare work cycles for R&D and personal growth