Technical Lead Detection Engineer
Detection Engineer
Do you enjoy information security research and threat intelligence? Do you have experience developing detections? Would you like the opportunity to research the latest threats and techniques used by attackers?
Rapid7 Managed Detection and Response operate around-the-clock to identify vulnerabilities, detect breaches, respond and investigate attacker activity, and help our customers improve their ability to deal with threats.
We are looking for a Senior Security Researcher to research and develop detections set to power Rapid7’s detection and response products and services.
This position is on our Threat Intelligence and Detection Engineering (TIDE) team and is located in our flagship SOC in Arlington, Virginia. The TIDE team is responsible for threat intelligence, detection engineering and malware analysis at Rapid7. Our mission is to curate threat intelligence and maintain visibility in order to create alerting worthy of human review through applied research and observation of malicious actor behavior. Our vision is to know when, by whom and why. We work across the incident lifecycle to build detections and identify patterns of activities to better understand an adversary’s actions, expedite response, and constantly update the collective understanding of threats. In addition to leveraging this knowledge to arm our analysts and incident responders, we also provide actionable threat intelligence to Rapid7 customers in the form of security advisories and quarterly threat reports.
Responsibilities:
Research to develop detections for Rapid7 products and services.
Write advanced and multistage detections for various systems.
Create tools using scripting (Python) and various web services (REST API’s)
Track detections along the intelligence lifecycle, identifying when they need to be updated or retired.
Be an escalation point for junior TIDE team members and Rapid7 internal customers.
Requirements:
5+ years of threat intelligence, detection writing or malware analysis (creating/tuning network IDS signatures, analyzing netflow/firewall traffic, building SIEM alerting rules).
Prior experience with Endpoint Detection & Response (EDR).
Expert knowledge of common operating systems, services, networking protocols, logging, attacker techniques and tools.
Expert knowledge of what visibility exists and how best to alert on attacker activity.
Prior operational experience leveraging threat intelligence to detect and respond to adversaries.
A strong understanding of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity.
Malware analysis and reverse engineering (sandboxing and disassemblers like IDA Pro)
Strong written and verbal skills.
Differentiators:
Prior MSSP experience.
Scripting/development experience (Python).
Detection writing (Snort/Suricata, YARA, Cuckoo, etc)