Lead Software Engineer, Security Operations
As Rapid7 and the Insight Cloud continue to grow, so does our attack surface. That’s why we’re looking for a Lead Security Engineer to join our Security Operations (SecOps) team in Boston. You’ll hit the ground running by building and implementing security controls in partnership with our Corporate IT teams to secure our end user devices, infrastructure systems, and cloud services. You’ll partner closely with our Security Operations Analysts to help automate their vulnerability management and incident response operations. You’ll also be helping build and lead a new security engineering function from scratch, one that will rapidly evolve our defenses to keep our customers and company safe by continuously raising the bar for our prevention, detection, and remediation capabilities.
Note: this role is on a people manager/leader career path, with the next level being “Manager, Security Operations Engineering”
Your profile
Are you looking for a new opportunity to channel your security expertise into building, integrating, and automating security controls across cloud and on-premise environments? Do you find yourself daydreaming about novel ways to continuously evolve security defenses to stay one step ahead of attackers? Does defending against attacker techniques that change on a day-to-day basis energize you rather than intimidate you? Are you trying to scale the positive impact you want to have on the security world by mentoring, leading, and growing a team of excellent security practitioners?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.
You’ll be responsible for...
- Building, integrating, and automating security controls across cloud and on-premise environments
- Partnering with Corporate IT and other teams to augment IT security capabilities for end user devices, infrastructure, business applications, and identity & access management
- Supporting our SecOps Analysts in automating our vulnerability management and incident detection & response operations
- Building and leading a team of SecOps Engineers to scale our SecOps & IT security controls
- Defining and executing the vision, strategy, and roadmap for our SecOps Engineering program
- Mentoring and managing your team members to support them in becoming more effective security practitioners and teammates across Rapid7
- Owning and driving projects independently and in collaboration with our other InfoSec teams, DevOps teams, IT teams, and other business units
- Providing security expertise and leadership by consulting on projects to help our company implement safe systems, environments, and operations
- Reporting and communicating security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives
- Curating metrics to demonstrate the effectiveness of our SecOps & IT security controls
What you’ll need
- 4+ years of strong working experience in information security, performing vulnerability management, incident detection & response, digital forensics, or malware analysis
- Experience in software development with building & integrating tools, especially by using web APIs & Python or Go
- Experience with configuration management tools, such as Terraform, Chef, or Puppet
- In-depth knowledge of Windows, macOS, & Linux security hardening/monitoring techniques
- In-depth knowledge of secure network, systems, and application design and architecture
- Experience configuring or maintaining network devices, such as firewalls and switches
- Experience maintaining, securing, or monitoring cloud infrastructure, especially AWS
- Expert ability to identify security event root causes by gathering and synthesizing evidence from a variety of disparate systems
- Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
- Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
- Insatiable curiosity & desire to challenge conventional approaches to solving problems
Nice-to-haves
- Broad programming/scripting experience with Python, Go, Bash, Python, PowerShell, Java
- Experience with Windows, macOS, and Linux system administration
- Experience with MDM or EMM tools
- Experience with Docker, Kubernetes, and other containerization technology
- Experience in offensive security or red teaming
- Experience implementing, administering, and using Rapid7 products (e.g. InsightVM/Nexpose, InsightIDR, InsightConnect, etc.)
Job Perks
- Unlimited vacation
- Flexible work hours
- 401k matching
- Employee stock purchase plan (ESPP)