Senior Detection & Response Analyst

As a Rapid7 MDR Senior Detection and Response Analyst, you are a subject matter expert in the operations of the Rapid7 Managed Detection and Response Security Operations Center. You excel at conducting alert triage and investigation, forensic artifact analysis, and using the tools at your disposal to get the answers you need with the data you have. And, if you do not have that data, you know who to ask and what to ask for to get it. You will participate in incident response engagements and prepare professionally written client deliverables, and speak to clients about the deliverables. You are continuously reviewing operational processes for improvement, and are not afraid to be the change needed to improve them. You will seek mentoring opportunities for other analysts, and impart your knowledge to the SOC at large, when needed.
About the Team
Rapid7's Managed Detection and Response (MDR) team brings passionate security talent face to face with emerging threats and real-world challenges. Operating 24/7/365, MDR combines monitoring, threat hunting, and incident response with an impact-driven mindset that encourages innovation and effective solutions.
Within MDR, the Tactical Operations (TACOPS) team manages the most time-critical investigations using InsightIDR, Rapid7's cloud-hosted SIEM. TACOPS analysts handle investigations end-to-end-from alert triage to incident report delivery-covering everything from account compromises and malware to web server breaches and zero-day exploits.
You'll collaborate closely with Customer Advisors, who manage communications, allowing you to focus on analysis. When cases escalate, you'll support Rapid7's Incident Response team by analyzing log data or forensic artifacts. You'll also act as a technical escalation point for junior analysts, contribute to training, and occasionally join customer meetings to review workflows or incident findings.
We're looking for someone skilled in investigative methods, log and forensic analysis, and eager to keep learning. You'll be supported by your team lead and peers as you grow your expertise and career-whether toward roles in Incident Response, Threat Hunting, or advanced SOC analysis.
This position follows a hybrid schedule, requiring at least three days in the office, including Wednesdays for the TACOPS shift handover.
About the Role
As a Senior Detection and Response Analyst, your primary responsibility will be to own complex security investigations from triage through resolution, providing expert analysis, actionable insights, and guidance that strengthen both customer defenses and the overall MDR service.
In this role, you will:

• Fully own and conduct all range of investigations and incidents except for those escalated to the Incident Response team. However, you may need to shepherd incidents escalated to the Incident Response team, if needed, until an Incident Manager can take over
• Provide timely communication of investigation findings to Customer Advisors in order to provide Rapid7's customers with the information they need to remediate the current incident and prevent future ones from occurring.
• Prepare Incident Reports for each investigation you complete, which follows MITRE's ATT&CK Framework and includes your own forensic, malware, and root-cause analysis.
• Serve as a technical escalation point for the junior analysts in your team
• Be fully confident with entire tech stack the SOC uses on a day to day basis; training and enablement will be provided for external hires
• Suggest new - and provide feedback on existing - detections, based on triaged alerts and malicious activity encountered in investigations
• Work with leads or managers to continually update the SOC's training and enablement
• Participate on - and lead some - projects to improve the MDR service
• Engage with customers as necessary to discuss incidents and speak to how an analyst triages and investigates alerts
• Work towards becoming an expert in a subject relating to the SOC day-to-day, such as Windows registry forensic artifacts

The skills you'll bring include:

• 3-5 years of experience in a cybersecurity related position (SOC and/or SIEM analysis experience preferred)
• Thorough understanding of investigative methodology and the incident response lifecycle, cyber killchain, etc.
  
  • Knowing what questions need to be answered and how to pivot to get them to conduct an investigation and provide customers with the recommendations they need to contain, remediate, and eradicate threats from their environment
  • Includes thorough understanding of how threat actors utilize tactics such as lateral movement, privilege escalation, defense evasion, persistence, command and control, and exfiltration.
• Excellent verbal and written communication skills
• Familiarity with NTFS, FAT32, APFS and/or Ext* filesystems.
• Basic understanding of memory forensics
• Demonstrable knowledge of analysis of Windows, Linux, and/or Mac forensic artifacts.
  
  • Demonstrated through day-to-day work (internal hire) or a technical interview panel (external hire)
• Existing experience assisting with customer escalations/calls
• Complete familiarity with the Rapid7 tooling used by the SOC (external hires will receive enablement
• Experience handling Incident Response engagements conducted by an Incident Response team
• Be capable of prioritizing and managing your time to ensure the best possible outcomes for the MDR service and its customers
• The ability to work autonomously and knowing when to ask for help when needed
• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

Differentiators

• Coding experience or knowledge in languages such as Python, PowerShell, Ruby, or JavaScript
• Malware analysis or reverse engineering
• Memory forensics experience
• Redteaming experience

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
#LI-SIM
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we' ve been doing for the past 20 years. If you 're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.