Lead Security Engineer, Cloud Security

| Greater Boston Area
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

What if security was an opportunity and not an obstacle? What if it wasn’t a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that too. At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower 9000+ customers across 120+ countries to seamlessly build security into the heart of their organizations.

But as Rapid7 continues to grow, so does our attack surface. Rapid7’s internal security team is in a unique position to use our own products to secure our company’s growing attack surface, and then share our learnings with our customers to help them achieve their security outcomes more effectively. That’s why we’re looking for a Lead Security Engineer to help us break new ground in a hybrid role that both secures our cloud infrastructure and helps our customers secure theirs using DivvyCloud. This role will report into Security Engineering within our Information Security group while also being embedded with our DivvyCloud team. Roughly 75% of your time will be spent on internal security work and the remaining ~25% of your time will be spent helping DivvyCloud customers.

Your profile

Are you passionate about building scalable solutions to cloud security problems and helping your fellow security practitioners do the same? Do you believe security should empower people to do their work safely and productively, with guardrails and not gates? Are you a security optimist, recognizing that humans are the most important part of the solution rather than the weakest link in the chain? Do you find yourself daydreaming about new solutions to old problems?

If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading to learn more about this unique opportunity to work on a security team at a security company. 

The Role

  • Develop secure-by-design cloud infrastructure configurations/policies to prevent new cloud security issues

  • Build automation workflows to alert on & remediate new/existing cloud security issues

  • Collaboratively develop & implement secure system designs that empower teams to deliver results safely

  • Develop custom features/content for DivvyCloud to both improve customer outcomes & internal security

  • Provide expert advice to external customers on their DivvyCloud deployment/adoption & overall cloud security practices

  • Evangelize externally about cloud security & DivvyCloud best practices (via blogs, webinars, etc.)

  • Build positive relationships with partner teams to continuously improve our strategies for protecting our customers and company

  • Communicate complex topics in ways everyone can understand, from technical team contributors to non-technical C-level executives

  • Mentor team members around security, engineering, and collaboration best practices

  • Positively influence the culture of security at Rapid7

Qualifications and Traits

  • 4+ years securing cloud infrastructure (especially AWS), using infrastructure-as-code, compliance-as-code, and/or secure design policies to prevent new issues & auto-remediation workflows to clean up existing issues

  • Comprehensive experience securing cloud infrastructure used to run web applications 

  • Strong experience in software development, building & integrating tools, especially with web APIs & Python

  • Experience with configuration management tools like Chef, Puppet, or Ansible

  • Experience with infrastructure-as-code using Terraform, Pulumi, or CloudFormation

  • Excellent time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams

  • Excellent ability to communicate to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity & desire to challenge conventional approaches to solving problems


  • Experience developing custom software tooling to solve security problems

  • Experience with GCP or Azure

  • Experience with containerization technology (Docker, Kubernetes)

  • Experience using DivvyCloud

  • Experience performing continuous threat modeling using frameworks such as STRIDE and tools such as Threat Dragon, Pytm, Threatspec, Threagile, etc. 

  • Preferred locations: Boston, MA; Belfast, UK; Arlington, VA; Austin, TX; Los Angeles, CA; San Francisco, CA


Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • GolangLanguages
    • JavaLanguages
    • JavascriptLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • ScalaLanguages
    • SqlLanguages
    • jQueryLibraries
    • ReactLibraries
    • ReduxLibraries
    • AngularJSFrameworks
    • DjangoFrameworks
    • ExpressFrameworks
    • FlaskFrameworks
    • HadoopFrameworks
    • Node.jsFrameworks
    • Ruby on RailsFrameworks
    • SparkFrameworks
    • SpringFrameworks
    • TensorFlowFrameworks
    • CassandraDatabases
    • MongoDBDatabases
    • MySQLDatabases
    • PostgreSQLDatabases
    • RedisDatabases
    • Google AnalyticsAnalytics
    • OptimizelyAnalytics
    • IllustratorDesign
    • InVisionDesign
    • PhotoshopDesign
    • SketchDesign
    • AsanaManagement
    • ConfluenceManagement
    • JIRAManagement
    • WordpressCMS
    • SalesforceCRM


Rapid7 is conveniently located between the North End and West End of Boston, with plenty of restaurants, bars and public transport close by.

An Insider's view of Rapid7

What does your typical day look like?

For the majority of the day it’s a mix of weekly check-ins with various teams, project updates, and the occasional brainstorm.

When I’m not in meetings I’ve got headphones in while planning, writing, or designing — at my desk or perched somewhere around the office.


Senior Brand Storyteller

What are some things you learned at the company?

When we talk about being a moose and impact together, what we are saying is that we support each other on our journey forward. We actively look for ways to collaborate, strengthen our ideas and learn from each other, no matter what department you may be in at Rapid7.


Global Director of Sales Engineering

What are Rapid7 Perks + Benefits

Volunteer in local community
Once a year, Rapid7 offices across the globe close for the day so employees can volunteer.
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Dedicated Diversity/Inclusion Staff
Highly diverse management team
Rapid7 is led by a diverse management team that represent the security community we serve. We believe that we all have a responsibility to continuously improve our DE&I efforts.
Unconscious bias training
We believe in continuous learning, our in-house trainers conduct consistent diversity trainings. We advocate for diverse thinking and strive to cultivate a workforce that mirrors the best minds.
Someone's primary function is managing the company’s diversity and inclusion initiatives
Diversity Employee Resource Groups
We have so many amazing and organically created employee resource groups! These internal Rapid7 communities allow for an authentic experience where diverse employees and allies can come together.
Hiring Practices that Promote Diversity
We've taken the Parity Pledge, we reinforce strategic recruitment, we are committed to diversity partnerships, and we understand the importance in training around unconscious bias.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Our remote work program includes full-time remote for specific positions, Work remotely on occasion as needed.
Family Medical Leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Volunteer Time
Our employees receive unlimited hours per year of paid volunteer time.
Paid Holidays
Paid Sick Days
Employees receive unlimited hours per year of paid sick leave.
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Game Room
Our game room includes Ping Pong.
Stocked Kitchen
Rapid7 has a fully stocked kitchen including unlimited snacks, coffee, tea and all of the flavored sparkling water you can handle.
Some Meals Provided
Employees get free lunch during quarterly in-office Town Halls and some team meetings.
Happy Hours
Happy hours are hosted On occasion .
Fitness Subsidies
Home Office Stipend for Remote Employees
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Acme Co. hosts lunch and learn meetings on occasion.
Cross functional training encouraged
Promote from within
Continuing Education stipend
Time allotted for learning
Online course subscriptions available
Paid industry certifications
More Jobs at Rapid745 open jobs
All Jobs
Data + Analytics
Dev + Engineer
HR + Recruiting
Project Mgmt
Project Mgmt
Data + Analytics
HR + Recruiting
Project Mgmt
HR + Recruiting
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView Rapid7's full profileSee more Rapid7 jobs