Do you enjoy the challenge of 'sniffing out' sophisticated attackers at the network layer? Do you have experience developing and managing high fidelity network threat detection signatures? Would you like the opportunity to lead the network threat detection function for our world-class Managed Detection & Response service?
Rapid7 Managed Services operate around-the-clock to identify vulnerabilities, detect breaches, respond and investigate attacker activity, and help our customers improve their ability to deal with threats.
We are looking for an experienced Network Threat Analyst to develop and curate a network threat detection signature set to power Rapid7's detection and response products and services.
This position is on our Managed Services Threat Intelligence team and is located in our flagship SOC in Arlington, Virginia. The Threat Intelligence team works across the incident lifecycle to build detections and identify patterns of activities to better understand an adversary's actions, expedite response, and constantly update the collective understanding of threats. In addition to leveraging this knowledge to arm our analysts and incident responders, we also provide actionable threat intelligence to Rapid7 customers in the form of security advisories and quarterly threat reports.
* Curate network threat detection signatures for Rapid7 products and services.
* Create custom network threat detection signatures to detect advanced attackers, leveraging threat intelligence gathered from multiple sources, internal and external.
* Track detections along the intelligence lifecycle, identifying when they need to be updated or retired.
* Drive research initiatives to further threat detection capabilities.
* Assist the Rapid7 Incident Response team in investigating breaches and capturing significant threat data for further analysis.
* Serve as a subject matter expert for network threat detection at Rapid7.
* Provide continuous input to Rapid7 product development teams.
* 5+ years of network threat detection experience (creating/tuning network IDS signatures, analyzing netflow/firewall traffic, building SIEM alerting rules).
* Significant prior experience developing and tuning Snort/Suricata signatures.
* A strong technical understanding of core Internet protocols (TCP/IP, HTTP, TLS, DNS, etc.).
* Prior operational experience leveraging threat intelligence to detect and respond to adversaries.
* A strong understanding of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity.
* Strong written and verbal skills.
* Experience deploying and managing network taps and network IDS sensors.
* Prior MSSP experience.
* Bro scripting experience.