Do you enjoy information security research and threat intelligence? Do you have experience tracking nation state and cyber criminal threat actors? Would you like the opportunity to research and report on the latest threats and techniques used by attackers?
Rapid7 Managed Detection and Response operate around-the-clock to identify vulnerabilities, detect breaches, respond and investigate attacker activity, and help our customers improve their ability to deal with threats.
We are looking for a Threat Intelligence Lead to research and help to power Rapid7's detection and response products and services.
This position is on our Threat Intelligence and Detection Engineering (TIDE) team and is located in our flagship SOC in Arlington, Virginia. The TIDE team is responsible for threat intelligence, detection engineering and malware analysis at Rapid7. Our mission is to curate threat intelligence and maintain visibility in order to create alerting worthy of human review through applied research and observation of malicious actor behavior. Our vision is to know when, by whom and why. We work across the incident lifecycle to build detections and identify patterns of activities to better understand an adversary's actions, expedite response, and constantly update the collective understanding of threats. In addition to leveraging this knowledge to arm our analysts and incident responders, we also provide actionable threat intelligence to Rapid7 customers in the form of security advisories and quarterly threat reports.
Self guided research to track threat actors of importance for Rapid7 products and services.
Write publications on the latest observed attacker techniques.
Continuously curate additional information for our threat intelligence management platform.
Track indicators of compromise along the intelligence lifecycle, identifying when they need to be updated or retired.
Devise new methods of analysis and application of threat intelligence for alerting purposes.
Be an escalation point for more senior team members and Rapid7 internal customers.
5+ years of cyber threat intelligence
Prior experience with graphical link analysis tools (Maltego, Analyst Notebook, Palantir)
Prior experience with threat indicator management platforms (ThreatQ, Anomali, RecordedFuture)
Prior experience with Endpoint Detection & Response (EDR) .
Expert knowledge of common operating systems, services, networking protocols, logging, attacker techniques and tools.
Prior operational experience leveraging threat intelligence to detect and respond to adversaries.
A strong understanding of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity.
Extremely strong written and verbal skills.
Prior MSSP experience.
Publications and conference speaking engagements.