Salary
💰 $110,500 - $149,500 per year
Tech Stack
AWS, Azure, Cloud, Cyber Security, Google Cloud Platform, Linux, MacOS, Python
About the role
- Investigate and remediate threats across traditional enterprise environments, cloud control planes, SaaS applications, and cloud workloads
- Communicate investigation findings clearly — both verbally and in writing — along with actionable recommendations to mitigate risk
- Lead scoping calls to assess the nature, urgency, and scope of on-demand customer investigations
- Engage directly with customers to share results, provide guidance, and drive progress on complex cases
- Triage and respond to alerts using Rapid7’s SIEM, InsightIDR, and other internal tools
- Partner with Incident Responders to ensure seamless, coordinated handoffs and a unified customer experience
- Provide feedback to Threat Intelligence and Detection Engineering teams to support continuous improvement in detection coverage
- Mentor and support less experienced SOC analysts to improve team capabilities and overall MDR performance
Requirements
- 3+ years of experience in SOC, MDR, or Incident Response roles.
- 2+ years in an Information Technology or cybersecurity role, with Windows expertise strongly preferred.
- Strong understanding of core operating system concepts in Windows, macOS/Darwin, and Linux, including common internal tools and directory structures
- Proficient in analyzing forensic artifacts to perform root cause analysis during investigations
- Windows expertise strongly preferred; experience with Linux, AWS, Azure, or GCP is a plus
- Excellent verbal and written communication skills, especially in incident response or threat detection contexts
- Skilled in engaging directly with customers to understand their security challenges, communicate investigation findings, and guide remediation efforts
- Able to scope customer-reported issues effectively to determine investigation paths and next steps
- Comfortable participating in customer and presales calls to explain technical findings and demonstrate value
- Familiarity with both static and dynamic malware analysis techniques
- Exposure to offensive security techniques and adversary tradecraft to inform defensive strategy and detection logic
- Basic scripting skills (e.g., Python, PowerShell, Bash) to automate repetitive tasks and streamline investigations are a plus.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
SOC, MDR, Incident Response, forensic analysis, root cause analysis, malware analysis, scripting, Windows, Linux, cloud security
Soft skills
communication, customer engagement, mentoring, problem-solving, team collaboration, guidance, leadership, analytical thinking, adaptability, customer service