Lead Incident Response Consultant

US - VA - Arlington, US - Remote


Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics, and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organization. For more information, visit our website, check out our blog, or follow us on LinkedIn.

Job Description

Do you enjoy being in the crusade, investigating unusual activity, tearing apart malware, and chasing attackers in real time? Do you pride yourself on developing methods for identifying and investigating breaches? Do you feel compelled to help organizations improve their abilities to effectively detect threats and drive incident response?

Rapid7's Detection & Response Services team offers the opportunity to respond to dynamic incidents, uncover previously unidentified breaches, and work with clients to simulate full-scale incidents in their own environments. Our Incident Response Consultants pride themselves on their ability to think critically, adapt to constantly changing attack methodologies, deliver top-notch Incident Response services, and help our customers improve their programs. 

Rapid7 Incident Responders split their time between reactive breach response cases - supporting Rapid7 customers, and others, in their greatest time of need, and proactive customer engagements - delivering threat hunting and detection & response exercises with our customers' dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented experts to thrive in a reactive Incident Response setting. Incident Responders help to impact the direction of Rapid7's Products and Services.

Job Responsibilities:

  • Deliver world-class incident response services, leading customer engagements while mentoring a team of peers and colleagues and utilizing Rapid7 technologies like InsightIDR and Velociraptor

  • Conduct proactive threat hunting and compromise assessments of complex environments

  • Drive incident simulations, helping clients assess their ability to respond to major threats within their existing toolsets

  • Co-deliver tabletop exercises with Rapid7's Advisory Services consultants

  • Advise clients on security best practices and attack mitigation strategies using enterprise security controls

  • Assist in capturing and deploying knowledge of latest attacker methodologies 

  • Proactively improve the delivery of existing incident response service offerings and identify opportunities for new or expanded service offerings

  • Provide continuous feedback to Rapid7 product development and engineering teams

  • Earnestly participate within the Rapid7 Community and Security Industry as an advocate and advisor

Job Requirements:

  • 3-5 years of hands-on incident response experience.

  • Experience leading customer-facing incident response engagements with minimal oversight

  • Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, NDR, Velociraptor, OSQuery, and others

  • Strong technical experience in four of the five areas below 

    • Host forensics (Windows / Mac / Linux)

    • Network traffic investigation

    • Log Review

    • Malware triage

    • Cloud technologies, including AWS, Azure, and GCP

  • Ability to build relationships with and understand business needs of customers and deliver demonstrable value 

  • Outstanding verbal and written communication skills, in particular the ability to effectively communicate investigation findings and associated mitigation and remediation actions to technical and non-technical audiences, including executive leadership and legal counsel

  • Proven ability to drive functional teams, programs, or projects

  • Proven ability to provide leadership to junior team members and peers alike through job shadowing, documentation, and development of formal training 

  • Outstanding time management and prioritization skills

  • Willingness to travel up to 10% when travel resumes

  • Willingness to participate in an on-call rotation that may include evening/weekend work, as required

  • Relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GCFA


  • Experience working with external legal counsel, breach coaches, cyber insurance providers

  • Experience working in an MDR or other managed service setting

  • Desire to contribute to the improvement of commercial and open source tools, such as InsightIDR and Velociraptor to aid fellow DFIR practitioners and product customers

  • Drive research initiatives to further incident response capabilities and brand reputation through media interaction, public speaking, and blogs

Equal Opportunity Employer 

Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and firmly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it's the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!