Senior Security Engineer - Detection and Response

US - MA - Boston


US - MA - Boston, US - Remote, US - TX - Austin, US - FL - Tampa, CA Los Angeles, US - VA - Arlington


Information Security

The Opportunity:

The internal Security Operations team at Rapid7 is focused on creating highly automated and distributed threat detection and incident response programs as well as working with partner teams to build advanced capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity at our company.

As a senior security engineer on the team, you will have direct impact building, optimizing, and growing security capabilities as you help Rapid7 achieve our mission to close the security achievement gap for our customers by 2025. This role will focus on adding automation to our threat detection and incident response life cycles while providing feedback to our internal product teams on new features, products, and services that benefit us and our customers. You will also be trained to be an incident commander for our incident response activities.

What you'll do

  • Perform investigations of security incidents using your knowledge and understanding of digital forensic artifacts, log data analysis, and/or developing automation for investigation and response capabilities at scale.

  • Coordinate and drive resolution on incidents as part of an on-call team. Analyze root causes, trends, and systematic issues.

  • Create and automate threat detection and hunting based on indicators observed during incident response or from other sources.

  • Help define and execute strategy for the security operations team.

  • Collaborate well with cross-functional partner teams, such as Security Engineering; Governance, Risk, and Compliance; Information Technology; Platform Delivery (DevOps); Product; Legal; Privacy; and Engineering, for efficient, large-scale response.

  • Build security automation and tooling for on-premise and cloud environments.

  • Work closely with Rapid7 product teams as a customer to provide feedback on features and solutions we can bring to our customers.

Qualifications and Traits:

Desired Background:

  • You work well cross-functionally and can communicate with audiences who may not have a security background.

  • Hands-on technical experience in security engineering, systems engineering, software engineering, or network engineering.

  • Experience in incident response including host and cloud forensics, incident management, threat intelligence, threat hunting, and/or security detection.

  • Ability to lead people in complex, high stress, ambiguous situations through influence and not authority.

  • Ability to work calmly and collaboratively in critical situations with expediency.

  • Experience automating threat detection and response processes, such as triage, analysis, containment, mitigation, and/or remediation activities.

  • Experience with Python will go a long way, but experience with other languages such as Go, JavaScript, etc. works too.

  • We are not focused on specific tools, but we often use AWS services (API Gateway, Lambda), GCP, Kubernetes, SQL, and more.

Even better:

  • Experience in cloud automation tools such as Terraform, CloudFormation, Ansible, Puppet, Chef, etc.

  • Experience with policy-as-code frameworks such as Terraform Sentinel, CFN Guard, OPA, Checkov, etc.

Our Team:

  • Our goal is to build a diverse team representing talented people with various backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better and more enjoyable our work will be.

Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics, and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organization. For more information, visit our website, check out our blog, or follow us on LinkedIn.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.