Does your curiosity push you to investigate unusual activity, tear apart malware, and stay on the trail of attackers in real time? Do you pride yourself on developing novel methods of identifying and analyzing breaches? Do you feel compelled to help organizations improve their abilities to effectively detect threats and drive incident response?
Rapid7's Detection & Response Services team offers the opportunity to respond to active incidents, uncover previously unidentified breaches, and work with clients to simulate full-scale incidents in their own environments. Our Incident Response Consultants pride themselves on their ability to think critically, adapt to constantly changing attack methodologies, deliver top-notch Incident Response services, and help our customers improve their programs.
Rapid7 Incident Responders split their time between reactive breach response cases, supporting Rapid7 customers and others in their greatest time of need, and proactive customer engagements, delivering threat hunting and detection & response exercises with our customers' dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented experts to thrive in a reactive Incident Response setting. Incident Responders help influence the direction of Rapid7's Products and Services.
This is Rapid7's first Incident Response consulting role in Australia. The individual hired would work with dedicated Incident Response counterparts in the United States and Europe, while being supported globally by Rapid7's MDR service, including dedicated analysts in the region.
Deliver world-class incident response services, leading customer engagements while mentoring a team of peers and colleagues and utilizing Rapid7 technologies like InsightIDR and Velociraptor
Conduct proactive threat hunting and compromise assessments of complex environments
Lead incident simulations, helping clients assess their ability to respond to major threats within their existing toolsets
Advise clients on security best practices and attack mitigation strategies using enterprise security controls
Assist in capturing and deploying knowledge of the latest attacker methodologies
Provide continuous feedback to Rapid7 product development and engineering teams
Help to drive adoption and delivery of proactive and reactive services within the region
Actively participate within the Rapid7 community and the security industry as an advocate and advisor
Minimum 3 years of hands-on incident response experience.
Experience leading customer-facing incident response engagements with minimal oversight
Experience in enterprise security and how various technologies work together to increase threat detection and streamline incident response, including EDR, SIEM, NDR, Velociraptor, OSQuery, and others
Strong technical experience in four of the five areas below
Host forensics (Windows / Mac / Linux)
Network traffic analysis
Cloud technologies, including AWS, Azure, and GCP
Ability to build relationships with and understand business needs of customers and deliver demonstrable value
Outstanding verbal and written communication skills, in particular the ability to effectively communicate investigation findings to technical and non-technical audiences.
Proven ability to provide leadership to junior team members and peers alike through job shadowing, documentation, and development of formal training
Outstanding time management and prioritization skills
Willingness to travel up to 10% when travel resumes
Relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GCFA
Experience working as part of an MDR service or other managed service setting
Desire to contribute to the improvement of commercial and open source tools, such as InsightIDR and Velociraptor, to aid fellow DFIR practitioners and product customers
Drive research initiatives to further incident response capabilities and brand reputation through media interaction, public speaking, and blogs