Manager, Security Engineering (Massachusetts)
Manager, Security Engineering - Infrastructure Security
What if security was an opportunity and not an obstacle? What if it wasn’t a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that, too! At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.
Rapid7 continues to grow, and so does our attack surface. That’s why we’re looking for a Security Engineering Manager to lead our Infrastructure Security team, who empower our employees to design, build, and use infrastructure securely at scale so our company and customer data are protected from compromise. Whether it involves endpoints, networks, or cloud infrastructure, our Infrastructure Security team partners closely with our Platform Delivery (DevOps), Software Engineering, and IT teams to provide secure-by-default infrastructure by using a “guard rails, not gates” approach.
A day in the life…
You’ve just finished meeting with the rest of your teammates in the Security Engineering group as part of our bi-weekly retrospective meeting. Someone from the Application Security team just finished talking through a really good piece of feedback that has you thinking: why couldn’t we evolve our cloud infrastructure security strategy to further shift left in our software development lifecycle? As ideas start popping into your mind, you start jotting down notes for a new project plan to add to the Security Engineering roadmap for next quarter.
After a few minutes, it dawns on you that DivvyCloud might have some yet-to-be used features that could bring those ideas to life. You dive into our DivvyCloud console and, after a few minutes of poking around, stumble upon a new feature for scanning Terraform templates for insecure cloud resource configurations, like public S3 buckets, before they get applied in production. It seems promising, but you’re not entirely sure, so you set up a video call with one of the cloud security subject matter experts on your team and our Platform Delivery team to collaborate on brainstorming this idea with both of them. It’ll have to wait until later that afternoon, though, since you have a meeting in an hour with the Senior Director of IT Infrastructure to get their feedback on a business case you’ve been drafting for a new BeyondCorp-type zero trust networking solution (that slide deck isn’t going to polish off itself!).
Both of your meetings end up going great. You got a lot of feedback that will make these projects more successful with a greater level of cross-functional buy-in for each of them. After spending some time updating your notes and slides based on this feedback, you start to prepare for a one-on-one meeting with one of your team members where you’ll be reviewing their individual development plan (IDP) with them. Now that you think about it, there might be an opportunity to align their IDP with this latest cloud security project idea. Exciting!
Your profile
Are you looking for a new opportunity to channel your security expertise into providing a vision and strategy for a team of security engineers to execute on? Are you excited to scale the positive impact you want to have on the security world by mentoring, leading, and growing a team of excellent security practitioners? Do you eagerly seek out and embrace feedback from perspectives different from your own?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.
What you’ll do
Support, develop, lead, and advocate for a security engineering team responsible for infrastructure security (which covers endpoints, networks, and cloud resources)
Partner with our Corporate IT, DevOps, Software Engineering, and other Information Security teams to align on infrastructure security strategy and priorities
Work closely with the Senior Manager of Security Engineering to evolve and maintain the vision, strategy, and roadmap for infrastructure security
Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives
Curate metrics to demonstrate the effectiveness of our endpoint, network, and cloud security controls
Build positive relationships with partner teams to continuously improve our strategies for protecting our customers and company
What you’ll bring
Experience in information security, especially cloud security with AWS
Experience managing security teams or engineering teams
Knowledge of secure network, infrastructure, and/or web application architecture
Experience in software development with building and integrating tools, especially by using web APIs and languages like Python
Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity and desire to challenge conventional approaches to solving problems
Pluses
Experience with Windows, macOS, and Linux security hardening techniques
Experience with DevOps tooling, such as Terraform, Chef, or Puppet
Experience with securing Docker, Kubernetes, or other containerization technologies
Equal Opportunity Employer
Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it’s the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!