Senior Incident Response Consultant

US - Remote


US - Remote


Security Services

Senior Incident Response Consultant

Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We're on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.
With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

Job Description

Do you enjoy the cat-and-mouse game of Detection & Response, investigating unusual activity, uncovering previously unidentified compromises, and chasing attackers in real time? Do you pride yourself on developing methods for identifying and analyzing breaches? Do you feel compelled to help organizations improve their abilities to effectively detect threats and drive incident response? Would you like to encapsulate your knowledge as a practitioner into Rapid7 products and procedures?


Rapid7's Detection & Response Services team offers the opportunity to respond to active incidents, uncover previously unidentified breaches, and work with clients to simulate full-scale incidents in their own environments. Our Incident Response Consultants pride themselves on their ability to think critically, adapt to constantly changing attack methodologies, deliver top-notch Incident Response services, and help our customers improve their programs. 


Rapid7 Incident Responders split their time between reactive breach response cases - supporting Rapid7 customers in their greatest time of need, and proactive customer engagements - delivering threat hunting and detection & response exercises with our customers' dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented Detection & Response experts to thrive in a reactive Incident Response setting. Incident Responders help to impact the direction of Rapid7's Products and Services.


Job Responsibilities:

  • Deliver world-class incident response services, leading customer engagements utilizing Rapid7 technologies like InsightIDR and Velociraptor

  • Co-lead proactive threat hunting and compromise assessments of complex environments

  • Co-lead incident simulations, helping clients assess their ability to respond to major threats within their existing toolsets

  • Advise clients on security best practices and attack mitigation strategies using enterprise security controls

  • Assist in capturing and deploying knowledge of latest attacker methodologies 

Job Requirements:

  • 1-3 years of hands-on incident response experience, including leading and conducting technical incident response investigations 

  • Experience in enterprise security and how various technologies work together for increasing threat detection and streamlining incident response including EDR, SIEM, Velociraptor, OSQuery, and other tools

  • Strong technical experience in three of the five areas below 

    • Host forensics (Windows / Mac / Linux)

    • Network traffic analysis

    • Log Review

    • Malware triage

    • Cloud technologies, including AWS, Azure, and GCP

  • Ability to build relationships with and understand business needs of customers and deliver demonstrable value 

  • Outstanding verbal and written communication skills, in particular the ability to effectively communicate investigation findings and associated mitigation and remediation actions to technical and non-technical audiences, including executive leadership and legal counsel

  • Proven ability to provide leadership to junior team members through job shadowing

  • Outstanding time management and prioritization skills

  • Willingness to travel up to 10% when travel resumes

  • Willingness to participate in an on call rotation that may include evening/weekend work, as required

  • Relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GFCA 


  • Experience working with external legal counsel, breach coaches, cyber insurance providers

  • Desire to contribute to the improvement of commercial and open source tools, such as InsightIDR and Velociraptor to aid fellow DFIR practitioners and product customers

  • Drive research initiatives to further incident response capabilities and brand reputation through media interaction, public speaking, and blogs

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.