Lead Security Architect, Application Security at Rapid7
What if security was an opportunity and not an obstacle? What if it wasn't a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that, too! At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across more than 120 countries to seamlessly build security into the heart of their organizations.
Our joint success with our customers is built on their trust in us to protect their data from compromise. We can do this only if we scale our security program by embedding secure design principles throughout our development lifecycle. That’s why we’re looking for a Lead Security Architect to join our Security Engineering team. This role will bolster a secure design culture across the company while driving secure design processes that focus on securing the application layer of our products, services, and corporate IT environment. This role will partner closely with our Platform Delivery (DevOps), Software Engineering, InfoSec, and IT teams to achieve our secure design program goals.
So, ask yourself this: are you passionate about building scalable, reliable, and secure applications? Do you thrive when you're able to drive impact by combining your unique skills and perspective with those of a cross-functional team? Do you strive to use influence and consensus, instead of authority, to achieve shared goals? If you've been answering “yes” to these questions, then read on! You could be just the person we're looking for.
What you’ll do
Build and sustain secure design and architecture processes that support organizational goals and strategy
Collaborate with our partner teams to co-create security standards for application services and architectures, including first-party and third-party applications
Implement secure design processes and tools with a focus on self-serviceability, automation, and shifting left in our project and system development life cycles
Lead holistic security assessments that include threat modeling and security standards maturity assessments
Help partner teams create and maintain threat models for their systems and environments
Educate and empower partner teams to use secure design principles, processes, and tools
Mentor teammates and stakeholders about security best practices, software engineering/architecture, collaborative problem solving, and technical leadership
What you’ll bring
Experience implementing secure design and security architecture processes and tools
Experience with threat modeling frameworks such as STRIDE and tools such as ThreatDragon, pytm, ThreatSpec, Threagile, etc.
Experience securing web applications, such as by creating/using secure libraries and software frameworks, SAST, DAST, IAST, and/or RASP
Experience with Kubernetes and container-based environments
Solid time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams
Proficiency communicating to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude
Eagerness to challenge conventional approaches to solving problems
Insatiable curiosity & desire to learn new technology and security concepts
Experience curating and providing secure software development training to software engineers
Experience attacking web applications, especially in the context of red team or purple team exercises
Belfast, UK; Arlington, VA; Boston, MA; Austin, TX; Belfast, UK; Los Angeles, CA; Remote
Equal Opportunity Employer
Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it’s the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!