Incident Responder

The Rapid7 Incident Responder is a hands-on, technical role focused on digital forensics and incident response that offers various customer-facing and consulting opportunities. Rapid7 Incident Responders split their time between reactive breach response cases - supporting Rapid7 customers in their greatest time of need, and proactive customer engagements - delivering threat hunting and detection & response exercises with our customers dedicated internal security teams. Rapid7 aims to provide unparalleled work/life balance that allows talented Detection & Response experts to thrive in a reactive Incident Response setting.

About the Team

The Rapid7 Incident Response team is considered the tip of the spear within Rapid7's Detection & Response practice. This team is primarily responsible for ensuring 24/7 breach response coverage for Rapid7's MDR and retainer customers to ensure they have Rapid7s unwavering support in their greatest times of need. All services are delivered using Rapid7's existing portfolio of detection and response solutions, such as Rapid7 InsightIDR and Velociraptor. The experiences gained by the members of this Managed Services team directly inform Rapid7's Product organization, driving continuous improvement of Rapid7 products for both Managed and standalone customers.

About the Role

Embedded within the Rapid7 MDR SOC pods, an Incident Responders primary responsibilities include incident management, forensic analysis, threat hunting, and delivering both verbal and written communications to customers. Incident Responders will manage major incident response engagements, with oversight from Senior Incident Responders. Additionally, a portion of their time will be dedicated to ongoing research in incident response and enhancing service enablement by improving internal processes, procedures, and methodologies used to deliver incident response services.

In this role, you will:

• Deliver world-class incident response services, managing customer engagements from initial incident scoping to final reporting, and driving investigations through the entire IR lifecycle.

• Coordinate and guide SOC Analysts during major investigations.

• Conduct forensic investigations using real-time telemetry from the InsightIDR platform and endpoint artifacts from Velociraptor.

• Support proactive threat hunting through Rapid7s Compromise Assessment offering, utilizing tools like Velociraptor and other EDR technologies.

• Conduct threat emulation activities as part of Rapid7s Detection & Response Workshop, helping clients assess their ability to respond to major threats using their existing tools.

• Advise clients on security best practices and strategies for mitigating attacks through enterprise security controls.

• Capture and apply knowledge of the latest attacker methodologies to improve response efforts.

• Contribute to public blogs and webinars by sharing insights on the latest attacker techniques discovered during major investigations.

• Provide guidance to MDR analysts on minor incident investigations.

The skills youll bring include:

• 2-3 years of hands-on incident response experience, including conducting technical incident response investigations, forensic analysis, and using Windows/Mac/Linux forensic artifacts to identify and assess threat actor activities

• Knowledge of enterprise security, with experience integrating technologies like EDR, SIEM, Velociraptor, OSQuery, and others to enhance threat detection and streamline incident response.

• Strong technical expertise in at least two of the following areas:

  • Host forensics (Windows / Mac / Linux)

  • Network traffic analysis

  • Log review

  • Malware triage

  • Cloud technologies, including AWS, Azure, and GCP

• Excellent verbal and written communication skills, with the ability to clearly convey investigation findings and remediation steps to both technical and non-technical audiences, including executives and legal teams.

• Strong relationship-building skills, with the ability to understand customer needs and deliver measurable value.

• Exceptional time management and prioritization skills.

• Willingness to participate in an on-call rotation, including evening and weekend shifts as needed.

• Relevant industry certifications such as GCIA, GCIH, GDAT, GCFE, and GFCA (or equivalent).

We know that the best ideas and solutions come from multi-dimensional teams. Thats because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please dont be shy - apply today.

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge whats possible and drive extraordinary impact.

Here, were building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatevers next.

Join us and bring your unique experiences and perspectives to tackle some of the worlds biggest security challenges.

#LI-JM2
#LI-REMOTE

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.