Incident Handler, Detection & Response Services

Reposted 14 Days Ago
Be an Early Applicant
Hiring Remotely in Arlington, VA
Remote or Hybrid
Mid level
Artificial Intelligence • Cloud • Information Technology • Sales • Security • Software • Cybersecurity
Take Command of your Career
The Role
The Incident Handler investigates security threats, collaborates with customers, and coordinates with incident response teams for effective resolution.
Summary Generated by Built In
We're looking for an Incident Handler who brings urgency to real threats and clarity to false alarms. In this role, you'll work closely with our customers to investigate suspicious activity, acting as a critical bridge between our MDR and Incident Response teams. Whether you're containing an active intrusion or explaining why something is benign, your work delivers more than just protection: it delivers peace of mind. At Rapid7, security isn't just what we deliver; it's how we care.
About the Team
Before we were known for MDR, we were breaking into systems, on purpose. Our roots in offensive security still shape how we work today: thinking like attackers, hunting threats proactively, and helping customers understand real risk.
Our analysts don't wait for alerts; they investigate actively using a fully integrated SIEM and XDR platform that gives them real-time visibility across environments. That means faster investigations, fewer false positives, and quicker response when it counts.
When serious threats emerge, there's no delay or handoff. Our SOC and IR teams operate as one, moving quickly from detection to containment.
But what truly sets us apart is how we show up. Our response is unlimited, with no caps and no caveats, just a team that's always ready. Because to us, security isn't just protection. It's care. And we're here to guide our customers through the tough moments, start to finish.
About the Role
As an Incident Handler, you'll be the critical link between our MDR and Incident Response teams, leading investigations and ensuring smooth handoffs when deeper expertise is needed. You'll respond to a wide range of threats, from account takeovers and malware to advanced intrusions and zero-days.
This is a collaborative, customer-facing role. You'll work directly with customers to triage requests, scope investigations, and guide them through response. You'll also act as a global escalation point for the MDR team, helping move complex cases forward with urgency and clarity.
This role is perfect for someone who thrives at the intersection of detection, response, and customer care, balancing technical depth with empathy and communication.
In this role, you will:
  • Investigate and remediate threats across traditional enterprise environments, cloud control planes, SaaS applications, and cloud workloads
  • Communicate investigation findings clearly, both verbally and in writing, along with actionable recommendations to mitigate risk
  • Lead scoping calls to assess the nature, urgency, and scope of on-demand customer investigations
  • Engage directly with customers to share results, provide guidance, and drive progress on complex cases
  • Triage and respond to alerts using Rapid7's SIEM, InsightIDR, and other internal tools
  • Partner with Incident Responders to ensure seamless, coordinated handoffs and a unified customer experience
  • Provide feedback to Threat Intelligence and Detection Engineering teams to support continuous improvement in detection coverage
  • Mentor and support less experienced SOC analysts to improve team capabilities and overall MDR performance

The skills you'll bring include:
  • 3+ years of experience in SOC, MDR, or Incident Response roles
  • 2+ years in an Information Technology or cybersecurity role, with Windows expertise strongly preferred
  • Strong understanding of core operating system concepts in Windows, macOS/Darwin, and Linux, including common internal tools and directory structures
  • Proficient in analyzing forensic artifacts to perform root cause analysis during investigations
  • Windows expertise strongly preferred; experience with Linux, AWS, Azure, or GCP is a plus
  • Excellent verbal and written communication skills, especially in incident response or threat detection contexts
  • Skilled in engaging directly with customers to understand their security challenges, communicate investigation findings, and guide remediation efforts
  • Able to scope customer-reported issues effectively to determine investigation paths and next steps
  • Comfortable participating in customer and presales calls to explain technical findings and demonstrate value
  • Familiarity with both static and dynamic malware analysis techniques
  • Exposure to offensive security techniques and adversary tradecraft to inform defensive strategy and detection logic
  • Basic scripting skills (e.g., Python, PowerShell, Bash) to automate repetitive tasks and streamline investigations are a plus

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy; apply today.
About Rapid7
At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what's possible and drive extraordinary impact.
Here, we're building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever's next.
Join us and bring your unique experiences and perspectives to tackle some of the world's biggest security challenges.
#LI-JM2
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.

Top Skills

AWS
Azure
Bash
GCP
InsightIDR
Linux
macOS
PowerShell
Python
SIEM
Windows


The Company
HQ: Boston, MA
2,400 Employees
Year Founded: 2000

What We Do

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope, just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career.

Join us.

Why Work With Us

With our products, research, and open source communities, we’re building a secure digital future for everyone. This means constantly learning and evolving in an industry that’s anything but stagnant. You’ll be faced with tough challenges, and given the support to find creative solutions that drive our business, and your career forward.


Rapid7 Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Our default working model is hybrid, with employees working three days per week in the office. This approach underpins our commitment to flexibility and adaptability while supporting our dedication to development, teamwork and customer purpose.

Typical time on-site: 3 days a week
Boston, MA (HQ)
Singapore (Regional Headquarters)
Arlington, VA
Austin, TX
Belfast, GB
Dublin
Galway
Melbourne
Tokyo
Munich
Prague
Pune, IN
Reading, UK
Tampa, FL
Tel Aviv
