Lead Security Researcher

Company: Rapid7
Location: Arlington
Posted on: February 25, 2021

Job Description:

Do you enjoy information security research and threat intelligence? Do you have experience developing detections? Would you like the opportunity to research the latest threats and techniques used by attackers?-- Rapid7 Managed Detection and Response operate around-the-clock to identify vulnerabilities, detect breaches, respond and investigate attacker activity, and help our customers improve their ability to deal with threats.-- We are looking for a Lead Security Researcher to research and develop detections set to power Rapid7's detection and response products and services.-- This position is on our Threat Intelligence and Detection Engineering (TIDE) team and is located in our flagship SOC in Arlington, Virginia. The TIDE team is responsible for threat intelligence, detection engineering and malware analysis at Rapid7. Our mission is to curate threat intelligence and maintain visibility in order to create alerting worthy of human review through applied research and observation of malicious actor behavior. Our vision is to know when, by whom and why. We work across the incident lifecycle to build detections and identify patterns of activities to better understand an adversary's actions, expedite response, and constantly update the collective understanding of threats. In addition to leveraging this knowledge to arm our analysts and incident responders, we also provide actionable threat intelligence to Rapid7 customers in the form of security advisories and quarterly threat reports.-- Responsibilities: Self guided research to develop detections for Rapid7 products and services. Write advanced and multistage detections for various systems as well as provide guidance to extend existing detection engine functionality. Track detections along the intelligence lifecycle, identifying when they need to be updated or retired. Identify gaps in visibility/functionality and collaborate with other teams to close them. Devise new methods of analysis and application of threat intelligence for alerting purposes. Be an escalation point for more senior team members and Rapid7 internal customers. Provide continuous input to Rapid7 product development teams. Contribute to publications such as Rapid 7's Quarterly Threat Report. Requirements: 8+ years of threat intelligence, detection writing or malware analysis experience (creating/tuning network IDS signatures, analyzing netflow/firewall traffic, building SIEM alerting rules). Prior experience with Endpoint Detection & Response (EDR) . Expert knowledge of common operating systems, services, networking protocols, logging, attacker techniques and tools. Expert knowledge of what visibility exists and how best to alert on attacker activity. Prior operational experience leveraging threat intelligence to detect and respond to adversaries. A strong understanding of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity. Malware analysis and reverse engineering (sandboxing and disassemblers like IDA Pro) Strong written and verbal skills. Differentiators: Prior MSSP experience. Tool creation and contribution to the information Security community Publications and conference speaking engagements

Keywords: Rapid7, Arlington , Lead Security Researcher, Other , Arlington, Texas