
Manager, Intelligence & Detection Engineer (Hybrid, VA)

Arlington, VA, USA
Posted on Wednesday, June 14, 2023

Manager, Threat Intelligence and Detection Engineering

Rapid7 Managed Detection and Response operates around the clock to identify vulnerabilities, detect breaches, respond to and investigate attacker activity, and help our customers improve their ability to react to real-world threats.

We are looking for a manager to lead our Threat Intelligence and Detection Engineering (TIDE) team to power Rapid7’s detection and response products and services.

About the Team

This position is on our Threat Intelligence and Detection Engineering (TIDE) team and is located in our flagship Security Operations Center (SOC) in Arlington, Virginia. The TIDE team is responsible for threat intelligence research, detection engineering, and malware analysis at Rapid7. Our mission is to curate threat intelligence, grounded in applied research, observation of malicious actor behavior, and tracking of emerging threats, into detections that produce alerts worthy of human review. Our vision is to know when an intrusion happened, by whom, and why. We work across the incident lifecycle to build detections and identify patterns of activity, so that we better understand an adversary's actions, expedite response, and constantly update the collective understanding of threats. In addition to leveraging this knowledge to arm our analysts and incident responders, we also provide actionable threat intelligence to Rapid7 customers in the form of security advisories and quarterly threat reports.

About the Role

In this role, you will:

  • Serve as the front line leader for our team of threat intelligence researchers, malware analysts, and detection engineers.

  • Provide a strong team vision, guidance, goals, and assistance to individual contributors.

  • Collaborate closely with our global MDR Operations, Engineering, PMO, and Customer Advisor teams to facilitate positive outcomes for internal and external customers.

  • Serve as a technical escalation point for complex challenges.

  • Promote healthy, positive work habits and environments to reduce fatigue and encourage a sustainable work-life balance.

  • Research to track threat actors of importance for Rapid7 products and services.

  • Drive innovation for our products and services to streamline processes, improve reliability and efficacy of our tools, and reduce noise.

  • Devise new methods of analysis and application of threat intelligence for alerting purposes.

  • Create, track, and iterate on metrics that highlight the value of Rapid7 detection engineering content to customers and internal partners.

  • Be an escalation point for more senior team members and Rapid7 internal customers.

The skills you’ll bring include:

  • 5+ years of cybersecurity experience (preferably focused on threat intelligence)

  • Prior experience with graphical link analysis tools (Maltego, Analyst Notebook, Palantir)

  • Prior experience with threat indicator management platforms (ThreatQ, Anomali, Recorded Future)

  • Expert knowledge of common operating systems, services, networking protocols, logging, attacker techniques and tools

  • Prior operational experience leveraging threat intelligence to detect and respond to adversaries

  • Expertise in tools and techniques for analyzing large sets of data

  • Extremely strong written and verbal skills

A plus if you have:

  • Scripting, software development, engineering, and/or devops experience

  • Prior MDR and/or MSSP experience

  • Publications and conference speaking engagements

  • Maltego experience

  • ThreatQ experience

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape, from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research, using these insights to optimize our products and arm the global security community with the latest in attacker methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what's next.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.