Detection & Response Analyst

3+ months agoArlington, VA

About the MDR Team:

Rapid7 Managed Detection and Response (MDR) is built from the ground up to bring motivated and the passionate security talent face to face with emerging threats, practical challenges, and evil at scale. Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

Who We Are:

Rapid7 helps organizations around the globe advance securely. Our technology, services, and community-focused research simplify complexity for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. With more than 9,000 customers across 120 countries, Rapid7 is a recognized innovator in cybersecurity that has proudly earned numerous industry accolades and wide recognition for our technology and culture.

About the Role:

Rapid7 is looking for security analysts to help us detect advanced threats and stop attackers in their tracks at our flagship SOC in Arlington, VA. This position currently has openings at the Mid and Senior Analysts. MDR analysts are primarily focused on 24/7 SOC monitoring and real-time incident validation, threat hunting, and incident response. This is a private industry position and does not require any level of government security clearance.

A Day in the Life:

Most days for Associate and Mid Level Analysts will consist of reviewing alert data to identify evil activity in customer environments. In these roles you will be empowered to steer investigations. Investigations include everything from evidence acquisition and analysis to figure out how the intrusion began to identify any malicious or unexpected activity related to the event. Based on this investigation you will be responsible for writing a Findings Report which includes your technical analysts, documented findings and remediation recommendations for customers. Your colleague, a Customer Advisor, will be responsible for direct communication with the customer. You will have fellow analysts who will be ready to help you if you encounter a problem or have a question, including Senior and Lead Analysts. In addition to live response, the MDR SOC also performs threat hunting on a monthly basis. Threat hunting is performed in an effort to identify unknown threats in a customer environment.

In the event of a security incident that rises to the level of a Remote Incident Response engagement, you may be tasked with performing investigation tasks related to the investigation. In this circumstance you will focus on helping a team track threat actor actions across an environment by examining forensic artifacts.

Senior Analysts can expect to have similar responsibilities for reviewing alerts, though you will also be expected to spend some time on SOC enablement projects whether they be engineering projects, tooling, developing or delivering training, or other innovation projects. You will be occasionally responsible for meeting with current and prospective clients to help explain SOC processes and capabilities. During a Remote Incident Response engagement, you will act as an incident manager handling direct customer communication or as an incident handler overseeing the investigation and managing task delegation for it.

Job Duties:

  • Deliver world-class threat detection services using traditional threat intelligence-based detection and user behavior analytics
  • Work on shift as part of a threat detection team in the Rapid7 SOC
  • Conduct or assist with Rapid7 incident response investigations.
  • Assist in capturing and deploying knowledge of attack methodologies
  • Drive research initiatives to further threat detection capabilities and brand reputation through media interaction, public speaking, and blogs
  • Provide continuous input to Rapid7 product development teams


Rapid7 has no strict education requirements for any of the security analyst positions. While Rapid7 values higher education, we recognize that people learn differently and knowledge can be imparted from a variety of different experiences. Show us what you know!

Job Requirements:

  • Associate Level

    • Requirements

      • Problem solving, critical thinking, and ingenuity.
      • A passion for cybersecurity
      • A keen curiosity and excitement to learn
      • Willingness to work on a shift schedule, including evenings and a Saturday or Sunday

        • The Rapid7 MDR SOC has a shift rotation which requires associate analysts to work a rotating 4:3 schedule from 10 AM - 8 PM after a 90 day onboarding and training period. The shifts are from Sunday-Wednesday and Wednesday-Saturday.
    • Preferred

      • Scripting/coding ability
      • Participated and succeeded in CTFs, HTB, Rastalabs, Pentesting with Kali Labs
  • Mid Level

    • Requirements

      • Experience with forensic network investigations, endpoint investigations, malware analysis, incident response, threat hunting, or any other job functions normally found within a SOC
      • The ability to identify processes in need of improvement and implement solutions.
      • Willingness to work on a shift schedule, including evenings and a Saturday or Sunday

        • The Rapid7 MDR SOC has a shift rotation which requires Mid-Level MDR Analysts to work 4:3 approximately once every 4 months.
    • Preferred

      • Endpoint detection experience
      • Experience working in a 24/7 SOC
  • Senior Level

    • Requirements

      • Substantial Incident response, SOC, or threat hunting experience.
      • Capable of mentoring analysts at all levels, or otherwise enabling the process through team contributions and cross functional collaboration.
      • Has performed the duties of Incident Manager for incident response engagements.
      • Can speak to the lifecycle of an incident and know exactly what artifacts to look for, where, and why at any stage
      • Technical SOC leadership experience
      • Willingness to be on-call for escalations. Cadence: two weeks (1 week primary, 1 week secondary) approximately every two months.
    • Preferred

      • Deep experience in forensic artifacts
      • Broad view and understanding of a system's architecture and design from either a technical perspective or operational perspective (Built an ELK stack, or a team's SOPs)

Equal Opportunity Employer

Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and firmly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it's the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Client-provided location(s): Arlington, VA, USA
Job ID: rapid7-R249