About the Team

Rapid7's Threat Intelligence & Detection Engineering (TIDE) team is built from the ground up to provide our customers with high-fidelity threat detections and alerting that limit threat actor dwell time and impact across our customers' ecosystems. Our TIDE team uses purposeful research, threat intelligence curation, observed malicious behavior, and informed collaboration to ensure that our detections evolve along with the ever-changing threat and technological landscape.

About the Role

As a Lead Threat Intelligence & Detection Engineer at Rapid7 you will contribute directly to our customers' security posture by detecting and preventing evil found in event logs, network packets, malicious endpoint processes, and more. Your experience in security research and threat intelligence analysis will inform and hone the strength of your detection work while contributing to the culture of research and information consumed within Rapid7 and by our customers. Not only that, but you will work hand in hand with a range of internal product teams to help guide our capabilities now and in the future. Did we mention mentoring? You will also serve as a leader for less-experienced team members, and become an escalation point for technical questions and detection philosophy.

Our team's mission is to empower excellence in our customer's security posture by continuously refining Rapid7's detection library, enhancing their effectiveness to swiftly identify incidents while reducing analyst strain. Our vision is to lead with an unparalleled, state-of-the-art, and globally recognized detection library to set new standards in cybersecurity.

In this role, you will:

* Utilize Rapid7's world-class software and threat intelligence to evaluate and improve the current Managed Services detection library.

* Collaborate closely with SOC Analysts, the Data Science team, Incident Response (IR) consultants, and security researchers.

* Conduct research on attacker behaviors and techniques using information gathered from IR engagements, OSINT, attacker trends, and malicious activity discovered through various telemetry sources.

* Collaborate with TIDE's own Detection Operations team to serve as an escalation point for less-experienced team members

* Work closely with product teams across Rapid7 to enhance our detection and response capabilities.

* Use a variety of skills to build rules that detect evil across network, endpoint, and cloud services.

The skills you'll bring include:

* 5+ years of detection engineering experience with 3+ years of cyber threat intelligence or security research.

* Experience using industry Threat Intelligence Platforms.

* Experience writing detections using Yara/Suricata/Sigma or similar frameworks.

* Experience with hands-on analysis of forensic artifacts and/or malware samples, and the ability to replicate TTPs utilized by threat actors for analysis with the purpose to detect or prevent them.

* A strong understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration throughout the attack lifecycle and how detections relate to those TPPs (particularly using the MITRE ATT&CK framework).

* Effective collaboration between different teams.

* A desire and drive to mentor more junior team members.

* Innovative problem solving mindset.

* Strong ability to perform research (search for, organize, and evaluate information) utilizing a variety of information sources.

* Strong written and verbal skills (English).

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what's possible and drive extraordinary impact.

Here, we're building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever's next.

Join us and bring your unique experiences and perspectives to tackle some of the world's biggest security challenges.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.