The Senior Detection Engineer is responsible for maintaining and improving the detection library, researching threats, and collaborating with various teams on incident response and detection improvements.
Do you enjoy information security research and threat intelligence? Would you like the opportunity to research and report on the latest threats and techniques used by attackers? As a Senior Detection Engineer, you will be responsible for the upkeep and evaluation of the detection library for the MDR service.
About the Team
Rapid7's Threat Intelligence & Detection Engineering (TIDE) team provides our customers with high-fidelity threat detections and alerting that limit threat actor dwell time and impact across their ecosystems. The TIDE team uses purposeful research, threat intelligence curation, observed malicious behavior, and informed collaboration to ensure that our detections evolve along with the ever-changing threat and technological landscape.
About the Role
As a Senior Detection Engineer, your primary responsibility will be to continuously refine Rapid7's detection library to empower excellence in our customers' security posture.
Specifically, your focus will be to:
- Utilize Rapid7's world-class software and threat intelligence to evaluate and improve the current InsightIDR detection library, including coordinating third-party integration projects.
- Conduct research on attacker behaviors and techniques using information gathered from IR engagements, other incidents, and malicious activity discovered through various telemetry sources.
- Collaborate closely with SOC Analysts, the Data Science team, Incident Response (IR) Consultants, Cybersecurity Advisors, and Security Researchers.
- Conduct detection testing in a controlled environment.
- Collaborate with Rapid7's Emergent Threat Response (ETR) team to ensure Rapid7 has detection coverage during large-scale exploitation of vulnerabilities from recently disclosed zero days or CVEs.
- Utilize expert-level skills in multiple security domains to build rules that detect or prevent evil across network, endpoint, and cloud services.
The skills and qualities you'll bring include:
- Innovative problem-solving mindset.
- Strong ability to perform research (search for, organize, and evaluate information).
- Strong written and verbal skills.
- Effective collaboration between different teams.
- 5+ years of experience as a SOC Analyst, Incident Responder, or offensive security practitioner, OR 4+ years of cyber threat intelligence, research, or detection engineering experience.
- Experience using industry Threat Intelligence Platforms.
- Experience writing detections using Yara/Suricata/Sigma or similar.
- Experience with hands-on analysis of forensic artifacts and/or malware samples.
- Ability to conduct research using various OSINT methods.
- A solid understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.
We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope - just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.
Top Skills
Sigma
Suricata
Threat Intelligence Platforms
Yara