Software Engineer, Information Security
Information Security @ Rapid7
Rapid7 was founded in 2000 to give our customers visibility into vulnerabilities in their IT environments with a comprehensive vulnerability management solution, something that didn’t exist at the time. Today we’re continuing our mission to advance security so others can securely advance with industry-leading security solutions. These solutions are powered by our Insight cloud: an analytics and automation platform that powers our products for vulnerability management, incident detection & response, orchestration & automation, application security, and DevOps & IT operations.
As Rapid7 and the Insight cloud continue to grow, so does our attack surface. We are looking for a software security engineer to join our product & platform security team in Boston.
Position overview
If you are a software developer who wants to live & breathe in the world of security this is an ideal position for you. You will work closely with our product development, DevOps, and IT teams to develop solutions that improve the security posture of Rapid7’s platform & products.
We are looking for a driven software security engineer to build automated security solutions for Rapid7’s platform & products. As a valuable member of the InfoSec team you will be responsible for automating multiple application security tools to secure Rapid7’s SDLC practices. In addition, you will develop scalable tools & solutions to secure Rapid7’s cloud environments.
On a day-to-day basis you will be responsible for
- Building automation for static code analysis in Rapid7’s platform using vendor and open source tools
- Piloting & automating software component analysis tools to mitigate Rapid7’s exposure to third-party vulnerabilities
- Building automation for dynamic code analysis for Rapid7’s platform & products
- Enabling effective security testing of numerous products and services
- Developing automated baseline security scripts for essential developer tools like GitHub & Jenkins
- Automating enforcement of cloud security policies across our AWS footprint
- Defining baseline security for AWS environments
- Working with partner teams for secure design review
- Providing security guidance on core architectural & platform initiatives
- Implementing security controls at scale
- Building strong relationships with Rapid7’s technical teams
- Documenting code and features developed, including changes to existing code
- Maintaining, troubleshooting and debugging code, as required
- Researching external best practices and emerging software and security technologies for possible incorporation into platform/applications and methodologies
You must be good at
- Software development in Python, Go, or equivalent programming language
- Docker, Kubernetes, or other containerization technology
- Developing with AWS services such as Lambda, EC2, S3, DynamoDB/RDS, ALB, Route53
- Working with AWS services like Cloudtrail, Cloudwatch, Config & more
- Design & development of products in an agile development environment
- Experience with Configuration Management tools such as Chef, Puppet
- Experience with Infrastructure as Code tools such as Terraform or AWS Cloudformation
- Working with CI/CD pipelines
- Testing driven development
- Ensuring code follows security best practices
You have a leg up if you
- Have experience working with Rapid7 tools
- Worked with application security testing tools, such as static and dynamic analysis
- Know how to write secure code
- Know secure design principles
Job Perks
- Unlimited vacation
- Flexible work hours
- 401k matching
- Employee stock purchase plan (ESPP)
- Security conferences and training
Rapid7 is an equal opportunity employer. We value, support, and thrive on diversity and inclusion at our company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.