HashiCorp, an IBM company, empowers organizations to automate and secure multi-cloud and hybrid environments with The Infrastructure Cloud™. Our suite of Infrastructure Lifecycle Management and Security Lifecycle Management solutions is built on projects with source code freely available at their core. The HashiCorp suite underpins the world's most critical applications, helping enterprises achieve efficiency, security, and scalability at any stage of their cloud journey.
As part of the once-in-a-generation shift to the cloud, organizations of all sizes, from well-known brands to ambitious start-ups, rely on our solutions to manage the full lifecycle of infrastructure and security so they can deliver essential services, communications tools, and entertainment platforms worldwide.
Core Responsibilities:
Lead Tier 2/3 incident investigations across classified and unclassified networks.
Use frameworks such as NIST 800-61, MITRE ATT&CK, and DoD Cyber Kill Chain for structured IR.
Coordinate response with counterintelligence, compliance, and federal authorities as required.
Manage and optimize Rapid7 InsightIDR, InsightConnect, Nexpose, and InsightVM.
  Rapid7 InsightIDR (XDR + SIEM) for real-time detection and analytics.
  Rapid7 InsightConnect (SOAR) to automate IR playbooks.
  Rapid7 Nexpose & InsightVM to identify, assess, and prioritize vulnerabilities across hybrid environments.
Correlate vulnerabilities with threat data to prioritize remediation of exploitable risks.
Build automation workflows for patching and remediation through Ansible and Puppet.
Conduct proactive threat hunting against nation-state adversaries using SIEM queries and Python scripts.
Conduct continuous threat hunting using Python and SIEM queries (KQL, SPL, SQL-like languages).
Develop advanced detection logic mapped to MITRE ATT&CK TTPs.
Integrate threat intelligence feeds (STIX/TAXII, MISP, DoD threat intel sources) into SOC workflows.
Python: Write custom scripts for IOC enrichment, API integrations, and log analysis.
Ansible: Automate system hardening, patch management, and incident response workflows.
Puppet: Standardize secure baselines across Linux/Windows systems in both classified and commercial networks.
Develop reusable automation playbooks integrated with Rapid7 SOAR.
Secure workloads across AWS GovCloud, Azure Government, and Boeing’s private cloud infrastructure.
Monitor Kubernetes and containerized defense applications for runtime anomalies.
Implement identity/security policy enforcement across multi-cloud and hybrid environments.
Ensure compliance with CMMC, NIST 800-171, NIST 800-53, ITAR, and FedRAMP.
Maintain audit-ready documentation for DoD and regulatory inspections.
Support Boeing’s supply chain cybersecurity programs, ensuring third-party compliance.
Required Skills & Experience:
10+ years in SOC operations, threat detection, and incident response.
Hands-on experience with the Rapid7 ecosystem (InsightIDR, InsightConnect, Nexpose, InsightVM).
Strong automation experience using Python, Ansible, and Puppet.
Familiarity with PowerShell and Bash scripting for cross-platform automation.
Deep knowledge of nation-state threat actors, APT techniques, and defense cyber operations.
Experience with SIEM, SOAR, IDS/IPS, EDR/XDR, firewalls, and vulnerability management.
Strong communication and ability to brief executives and federal stakeholders.
Education & Certifications:
Bachelor's in Cybersecurity, Computer Science, or a related field.
Certifications required: InsightIDR Certified Specialist
SOC Operations, Threat Detection, Incident Response, Rapid7 InsightIDR, Rapid7 InsightConnect, Rapid7 Nexpose, Rapid7 InsightVM, Python, Ansible, Puppet, PowerShell, Bash, SIEM, SOAR, IDS/IPS, EDR/XDR, Firewalls, Vulnerability Management, Threat Intelligence Integration, Threat Hunting, MITRE ATT&CK, NIST 800-61, DoD Cyber Kill Chain, KQL, SPL, SQL, Automation Playbooks, API Integrations, Log Analysis, System Hardening, Patch Management, Kubernetes Security, Container Security, AWS GovCloud, Azure Government, Cloud Security, Multi-Cloud Security, Hybrid Environment Security, Compliance (CMMC, NIST 800-171, NIST 800-53, ITAR, FedRAMP), Executive Communication, Federal Stakeholder Briefing.