Threat Hunter

The Rapid7 Managed Services Threat Hunting team is responsible for performing proactive, hypothesis-driven threat hunts across all Managed Detection and Response (MDR) customers to identify emerging cyber threats and malicious activity on networks and systems.

The Threat Hunter will work proactively to uncover malicious activity that may have been missed by traditional security measures, and will develop strategies to mitigate current and future threats. This role leverages internal and open source tools to accomplish threat hunting at scale. The Threat Hunting team is also responsible for coordinating closely with Rapid7’s Emergent Threat Response (ETR) program and working closely with related cross-functional teams.

**About the Team**
Rapid7’s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale.

Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

**About the Role**
Rapid7’s Threat Hunters are tenacious individuals who enjoy analyzing threats and trends, both novel and tried-and-true, and using their heads to craft hypotheses that lead them on the hunt for the proverbial needle-in-a-haystack.

The day-to-day of a Threat Hunter may include conducting research on threat actor Tactics, Techniques, and Procedures (TTPs), determining what types of activities may be worthy of hunting for, and formulating the best method by which to dig through customers’ data in order to identify evidence of said TTPs; or, in the case of the swell-up of events qualifying for Rapid7’s Emergent Threat Response, assisting teams across Rapid7 in identifying ways to search for and notify customers of the next big evil thing that could be sitting right on their doorstep, waiting to pounce. Hunters may derive hypotheses that are worthy of conducting broad-scale hunts across the entire MDR customer base, or they may target specific customer environments or industry verticals to sniff out compromises new or old.

Threat Hunters pay close attention to the activities observed in Incident Response engagements, identifying TTPs and Indicators of Compromise/Attack (IOCs/IOAs) that may be worth searching for in other customer environments, and glean insights from the Threat Intelligence and Detection Engineering (TIDE) team’s latest and greatest detections to help craft hypotheticals potentially worthy of the hunt. Threat Hunters also have the unique opportunity to work directly with the minds behind Rapid7’s industry-leading open-source DFIR tool, Velociraptor, crafting new hunt packages and contributing directly back to the cybersecurity community.

**In this role, you will**:

- Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization
- Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers
- Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction
- Help document and improve hunting processes, tools, and capabilities
- Develop new Velociraptor hunt packages based on research and findings
- Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities
- Provide timely reporting and feedback to stakeholders
- When applicable, publish threat hunting topics to the Rapid7 blog

**The skills you’ll bring include**:

- 2+ years in a DFIR role, primarily focused on endpoint forensics
- Broad knowledge of threat actor groups and their TTPs
- Experience with SIEM platforms and querying/analyzing large data sets
- Ability to work with mínimal oversight and prioritize efficiently
- Strong analytical and research skills
- Ability to think creatively and intuitively

**Differentiators**:

- SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)
- Experience conducting targeted threat hunting
- LEQL experience
- Experience with Velociraptor
- AWS Athena familiarity
- Experience with the InsightIDR SIEM/XDR platform
- Coding, engineering, and/or development experience
- Data science and/or AI experience

**About Rapid7**
At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge