Incident Handler

Sorry, this job was removed at 12:16 p.m. (CST) on Tuesday, Jun 16, 2026
Hiring Remotely in VA, USA
Remote or Hybrid
Artificial Intelligence • Cloud • Information Technology • Sales • Security • Software • Cybersecurity
Take Command of your Career
The Role
Incident Handler II, Detection & Response Services
As an Incident Handler II at Rapid7, you will sit at the front lines of cyber defense - investigating everything from commodity malware to sophisticated threat actors across a diverse portfolio of customer environments. Working alongside MDR SOC analysts and Incident Responders, you will bring your forensic instincts, technical depth, and customer-first mindset to investigations that matter. If you are driven by curiosity, thrive under pressure, and want to do meaningful security work at scale, this role is for you.
About the Team
Rapid7's Managed Detection and Response (MDR) team delivers 24/7/365 monitoring, threat hunting, and incident response to help customers stay ahead of evolving threats. We operate with an impact-driven mindset, combining endpoint detection, behavioral intelligence, and deep security expertise to protect organizations at scale.
About the Role
As an Incident Handler II, your primary responsibility will be to investigate and analyze malicious activity across a wide range of customer environments - from account compromises and commodity malware to complex web server intrusions and zero-day exploitation. Specifically, your focus will be to:
  • Conduct end-to-end investigations into malicious activity on workstations, servers, and cloud environments, including scoping, timeline analysis, root-cause identification, and documentation in support of Rapid7's Incident Response team.
  • Own complex investigations that require delegation, cross-team collaboration, and direct customer communication, serving as the escalation point for advanced and high-severity incidents.
  • Partner with Cybersecurity Advisors to communicate investigation findings, respond to client Requests for Information, and deliver clear remediation and mitigation recommendations.
  • Prepare detailed Incident Reports mapped to MITRE ATT&CK, incorporating forensic, malware, and root-cause analysis for every investigation you complete.
  • Share threat intelligence with peers and contribute new detection opportunities to Rapid7's Threat Intelligence and Detection Engineering teams to continuously strengthen our collective defenses.
  • Participate in customer engagement opportunities and team projects that drive positive outcomes for the MDR service and the customers we protect.
  • Triage alerts using Rapid7's InsightIDR SIEM, identify potential compromises, and escalate findings to customers as needed.

The skills and qualities you'll bring include:
  • A customer-first mindset that keeps each customer's needs and concerns at the center of every investigation and decision.
  • Strong written and verbal communication skills, with the ability to collaborate effectively across the MDR SOC, Incident Response team, and directly with customers.
  • A passion for continuous learning and growth in the cybersecurity field, with a drive to stay current on emerging threats, tactics, and techniques.
  • Accountability for your work and investigations, with the ability to own complex, high-stakes situations and see them through to resolution.
  • 3-4 years of experience in a cybersecurity-related role, with SOC and/or SIEM analysis experience preferred.
  • Proficiency with analyzing forensic artifacts to determine root cause across Windows environments; experience with Linux, AWS, Azure, and/or GCP is a strong plus.
  • Understanding of core operating system concepts across Windows, macOS/Darwin, and Linux, including internal system tools and directory structures.
  • A solid grasp of how threat actors operate - including lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.
  • Experience with static and/or dynamic malware analysis.
  • Familiarity with the MITRE ATT&CK framework and its application to investigation reporting and threat analysis.
  • Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,500+ customers against bad actors and threats means we're continuing to push the envelope just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.


Rapid7 Compensation & Benefits Highlights

  • Inclusive Benefits Coverage: Health plans and policies explicitly include mental‑health resources, transgender‑inclusive care, abortion‑travel support, neurodiversity coverage, and backup childcare/fertility benefits. These offerings sit alongside core medical, dental, and vision coverage and optional pet insurance.
  • Leave & Time Off Breadth: U.S. employees are offered unlimited PTO, unlimited sick leave, paid volunteer time, company holidays, and additional global recharge days. Wellness days and bereavement leave complement hybrid‑first flexibility.
  • Equity Value & Accessibility: An Employee Stock Purchase Plan is available with semiannual purchase periods, and many roles include company equity/RSUs. This ownership mix is complemented by performance bonuses and stated pay‑transparency practices in benefits listings.


The Company
HQ: Boston, MA
2,400 Employees
Year Founded: 2000

What We Do

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.

Why Work With Us

With our products, research, and open source communities, we’re building a secure digital future for everyone. This means constantly learning and evolving in an industry that’s anything but stagnant. You’ll be faced with tough challenges and given the support to find creative solutions that drive our business and your career forward.


Rapid7 Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Our default working model is hybrid, with employees working three days per week in the office. This approach underpins our commitment to flexibility and adaptability while supporting our dedication to development, teamwork and customer purpose.

Typical time on-site: 3 days a week
HQ: Boston
Arlington
Austin, TX
Belfast, GB
Dublin
Galway
Melbourne
Tokyo
Munich
Prague
India
Reading, UK
Singapore - Regional Headquarters
Tampa, FL
Tel Aviv