Threat Hunter

The Rapid7 Managed Services Threat Hunting team is responsible for performing proactive, hypothesis-driven threat hunts across all Managed Detection and Response (MDR) customers to identify emerging cyber threats and malicious activity on networks and systems.

The Threat Hunter will work proactively to uncover malicious activity that may have been missed by traditional security measures, and will develop strategies to mitigate current and future threats. This role leverages internal and open source tools to accomplish threat hunting at scale. The Threat Hunting team is also responsible for coordinating closely with Rapid7’s Emergent Threat Response (ETR) program and working closely with related cross-functional teams. 

About the Team
Rapid7’s Managed Detection and Response (MDR) team is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale.

Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the SOC. MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

About the Role
Rapid7’s Threat Hunters are tenacious individuals who enjoy analyzing threats and trends, both novel and tried-and-true, and using their heads to craft hypotheses that lead them on the hunt for the proverbial needle-in-a-haystack.

The day-to-day of a Threat Hunter may include conducting research on threat actor Tactics, Techniques, and Procedures (TTPs), determining what types of activities may be worthy of hunting for, and formulating the best method by which to dig through customers’ data in order to identify evidence of said TTPs; or, in the case of the swell-up of events qualifying for Rapid7’s Emergent Threat Response, assisting teams across Rapid7 in identifying ways to search for and notify customers of the next big evil thing that could be sitting right on their doorstep, waiting to pounce. Hunters may derive hypotheses that are worthy of conducting broad-scale hunts across the entire MDR customer base, or they may target specific customer environments or industry verticals to sniff out compromises new or old.

Threat Hunters pay close attention to the activities observed in Incident Response engagements, identifying TTPs and Indicators of Compromise/Attack (IOCs/IOAs) that may be worth searching for in other customer environments, and glean insights from the Threat Intelligence and Detection Engineering (TIDE) team’s latest and greatest detections to help craft hypotheticals potentially worthy of the hunt. Threat Hunters also have the unique opportunity to work directly with the minds behind Rapid7’s industry-leading open-source DFIR tool, Velociraptor, crafting new hunt packages and contributing directly back to the cybersecurity community.

In this role, you will:

Conduct ongoing hypothesis-based threat hunts utilizing new TTPs and IOCs/IOAs, discovered through proactive research as well as collaboration with other teams within the organization

Serve as a core component of the Rapid7 ETR team to provide expertise and conduct hunts based on classified emerging threats across MDR customers

Conduct targeted hunts during major incidents based on past attacker activity and Incident Manager direction

Help document and improve hunting processes, tools, and capabilities

Develop new Velociraptor hunt packages based on research and findings

Work closely with engineering, endpoint, TIDE, Rapid7 Labs, and Velociraptor teams to prioritize roadmap items that improve threat hunting capabilities

Provide timely reporting and feedback to stakeholders

When applicable, publish threat hunting topics to the Rapid7 blog

The skills you’ll bring include:

2+ years in a DFIR role, primarily focused on endpoint forensics

Broad knowledge of threat actor groups and their TTPs

Experience with SIEM platforms and querying/analyzing large data sets

Ability to work with minimal oversight and prioritize efficiently

Strong analytical and research skills

Ability to think creatively and intuitively

Differentiators:

SANS FOR508 or FOR608 (or similar) and/or associated certifications (GCFA, GEIR, etc.)

Experience conducting targeted threat hunting

LEQL experience

Experience with Velociraptor

AWS Athena familiarity

Experience with the InsightIDR SIEM/XDR platform

Coding, engineering, and/or development experience

Data science and/or AI experience

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.