What if security was an opportunity and not an obstacle? What if it wasn’t a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that too. At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower 9000+ customers across 120+ countries to seamlessly build security into the heart of their organizations.
But as Rapid7 continues to grow, so does our attack surface. Rapid7’s internal security team is in a unique position to use our own products to secure our company’s growing attack surface, and then share our learnings with our customers to help them achieve their security outcomes more effectively. That’s why we’re looking for a Lead Security Engineer to help us break new ground in a hybrid role that both secures our cloud infrastructure and helps our customers secure theirs using DivvyCloud. This role will report into Security Engineering within our Information Security group while also being embedded with our DivvyCloud team. Roughly 75% of your time will be spent on internal security work and the remaining ~25% of your time will be spent helping DivvyCloud customers.
Are you passionate about building scalable solutions to cloud security problems and helping your fellow security practitioners do the same? Do you believe security should empower people to do their work safely and productively, with guardrails and not gates? Are you a security optimist, recognizing that humans are the most important part of the solution rather than the weakest link in the chain? Do you find yourself daydreaming about new solutions to old problems?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading to learn more about this unique opportunity to work on a security team at a security company.
Develop secure-by-design cloud infrastructure configurations/policies to prevent new cloud security issues
Build automation workflows to alert on & remediate new/existing cloud security issues
Collaboratively develop & implement secure system designs that empower teams to deliver results safely
Develop custom features/content for DivvyCloud to both improve customer outcomes & internal security
Provide expert advice to external customers on their DivvyCloud deployment/adoption & overall cloud security practices
Evangelize externally about cloud security & DivvyCloud best practices (via blogs, webinars, etc.)
Build positive relationships with partner teams to continuously improve our strategies for protecting our customers and company
Communicate complex topics in ways everyone can understand, from technical team contributors to non-technical C-level executives
Mentor team members around security, engineering, and collaboration best practices
Positively influence the culture of security at Rapid7
Qualifications and Traits
4+ years securing cloud infrastructure (especially AWS), using infrastructure-as-code, compliance-as-code, and/or secure design policies to prevent new issues & auto-remediation workflows to clean up existing issues
Comprehensive experience securing cloud infrastructure used to run web applications
Strong experience in software development, building & integrating tools, especially with web APIs & Python
Experience with configuration management tools like Chef, Puppet, or Ansible
Experience with infrastructure-as-code using Terraform, Pulumi, or CloudFormation
Excellent time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams
Excellent ability to communicate to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity & desire to challenge conventional approaches to solving problems
Experience developing custom software tooling to solve security problems
Experience with GCP or Azure
Experience with containerization technology (Docker, Kubernetes)
Experience using DivvyCloud
Experience performing continuous threat modeling using frameworks such as STRIDE and tools such as Threat Dragon, Pytm, Threatspec, Threagile, etc.
Preferred locations: Boston, MA; Belfast, UK; Arlington, VA; Austin, TX; Los Angeles, CA; San Francisco, CA