Lead Security Researcher - VRM (Pennsylvania) at Rapid7

Remote
Sorry, this job was removed at 7:11 a.m. (EST) on Friday, September 17, 2021

The past year has seen a significant rise in widespread attacks and zero-day vulnerabilities that pose a threat to many organizations. In this elevated threat climate, customers need timely, expert response to high-priority security threats so that they may assess exposure and take actions that make them more secure. Rapid7’s emergent threat response team is a group of vulnerability researchers and cross-functional leaders who work across the company to help customers understand and implement defenses against active and impending security threats. 

Our researchers analyze CVEs that are being actively exploited in the wild (or are likely to be exploited soon) and publish both in-depth and high-level analysis on vulnerability and exploit trends. At the same time, we aren’t satisfied with a merely reactive approach to security research—we seek to identify, characterize, and contextualize the vulnerabilities and attack vectors that will turn into tomorrow’s widespread threats (or next month’s, or next year’s). We’re looking for a lead or principal-level researcher to join our team and help define strategic vulnerability research priorities, align cross-functional teams on execution, and help defenders get ahead of the attack curve.

Responsibilities: 

  • Work with the VRM research and product teams to define and execute on longer-term priorities across both n-day and zero-day research. We’re looking for someone who understands vulns, has a point of view on what matters to big swaths of enterprise orgs, and can pitch and develop impactful projects that help our customers advance and position Rapid7 as a leader in the VRM space. 

  • Collaboratively influence and engage cross-functional teams to drive understanding and buy-in for the priorities you’ve identified. Act as a mentor and teacher to your peers and more junior teammates.

  • Perform and publish root cause analyses of high-priority vulns and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability risk management.

  • Work with our security content engineers to develop vulnerability checks and fingerprints for the very top tier of emergent threats; you’ll primarily act as a consultant in this capacity, but there may also be an occasional need to execute.

  • Work with the Metasploit team to incorporate new high-value exploits into Metasploit Framework as needed—we believe strongly that defenders benefit from having democratic access to offensive security capabilities in order to understand attacks and test their controls!

  • Contribute meaningful, story-driven, evidence-backed commentary on the vulnerability landscape to Rapid7’s annual vulnerability intelligence report and other thought leadership vehicles.

  • Identify and pitch public speaking engagements that raise our profile in the vulnerability research space (optional but a big plus!).


Key competencies: 

  • A clear, specific point of view on vulnerabilities, attack surface area, and exploitation. We have teams at this company who analyze individual threat actors and threat intelligence, but we aren’t one of them. Our purview is vulnerability intelligence—which vulns matter, why they matter, how attacks are going to change (or not), and what defenders can do about it.

  • Deep understanding of the challenges that vulnerability risk management customers and global organizations face.

  • A bent toward practicality when defining research priorities. We eschew ivory towers—making research accessible and actionable is what wins customers’ hearts. 

  • Understanding of how urgency and importance can complement each other or detract from one another: Your work will fall into both categories, but you’ll need to know when to counsel patience vs. when to raise alarms. 

  • The ability to tell a clear, compelling story both on paper and in front of an audience.

  • Enormous empathy, patience, and adaptability, with a healthy dose of boundary-setting for sustainable achievement. This industry can be intense and full of fire drills, but we strive to never, ever spread FUD (fear, uncertainty, and doubt) amongst ourselves or our customers. You’ll be a leader on a cross-functional team who supports each other and advocates relentlessly for customers in an ever-changing threat climate—your insight will help us define what the right responses look like and extend our ability to deliver them without succumbing to hype or contributing to alert fatigue. 


What you’ll get:

  • A remote-friendly team who cares about each other and about the community, who prioritizes open information whenever possible, and who will respect your unique strengths, weaknesses, and boundaries.

  • The ability to work with and learn from some of the lowest-ego, kindest folks in the exploit development and vuln research business. They’re smart and driven, too, but they are kind to one another and the community first and foremost (always).

  • A high-visibility role with lots of opportunity for growth and leadership, and a cross-functional leadership team who will cheer you on, brag about your work, and advocate for your point of view.

  • A manager who will listen to feedback, partner with you on defining a career path that excites and inspires you, and support you in prioritizing work-life balance that keeps you healthy and happy.

  • The opportunity to be part of a company that’s thinking strategically about its future in the industry and its ability to solve problems for customers. Whatever bumps we hit along the way, Rapid7 cares about accessibility and security achievement for its customers. Both VRM and executive leaders also care deeply about research and open source—and they put their money where their mouths are!


Technology we use

  • Languages: Golang, Java, JavaScript, Python, R, Ruby, Scala, SQL
  • Libraries: jQuery, React, Redux
  • Frameworks: AngularJS, Django, Express, Flask, Hadoop, Node.js, Ruby on Rails, Spark, Spring, TensorFlow
  • Databases: Cassandra, MongoDB, MySQL, PostgreSQL, Redis
  • Analytics: Google Analytics, Optimizely
  • Design: Illustrator, InVision, Photoshop, Sketch
  • Management: Asana, Confluence, JIRA
  • CMS: WordPress
  • CRM: Salesforce

Location

Rapid7 is conveniently located between the North End and West End of Boston, with plenty of restaurants, bars and public transport close by.

An Insider's view of Rapid7

What does your typical day look like?

For the majority of the day it’s a mix of weekly check-ins with various teams, project updates, and the occasional brainstorm.

When I’m not in meetings I’ve got headphones in while planning, writing, or designing — at my desk or perched somewhere around the office.

Grace

Senior Brand Storyteller

What are some things you learned at the company?

When we talk about being a moose and impact together, what we are saying is that we support each other on our journey forward. We actively look for ways to collaborate, strengthen our ideas and learn from each other, no matter what department you may be in at Rapid7.

David

Global Director of Sales Engineering

What are Rapid7 Perks + Benefits

Culture
Volunteer in local community
Once a year, Rapid7 offices across the globe close for the day so employees can volunteer.
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Diversity
Dedicated Diversity/Inclusion Staff
Highly diverse management team
Rapid7 is led by a diverse management team that represents the security community we serve. We believe that we all have a responsibility to continuously improve our DE&I efforts.
Unconscious bias training
We believe in continuous learning; our in-house trainers conduct consistent diversity trainings. We advocate for diverse thinking and strive to cultivate a workforce that mirrors the best minds.
Someone's primary function is managing the company’s diversity and inclusion initiatives
Diversity Employee Resource Groups
We have so many amazing and organically created employee resource groups! These internal Rapid7 communities allow for an authentic experience where diverse employees and allies can come together.
Hiring Practices that Promote Diversity
We've taken the Parity Pledge, we reinforce strategic recruitment, we are committed to diversity partnerships, and we understand the importance of training around unconscious bias.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
401(K)
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Our remote work program includes full-time remote for specific positions and working remotely on occasion as needed.
Family Medical Leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Volunteer Time
Our employees receive unlimited hours per year of paid volunteer time.
Paid Holidays
Paid Sick Days
Employees receive unlimited hours per year of paid sick leave.
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Game Room
Stocked Kitchen
Rapid7 has a fully stocked kitchen including unlimited snacks, coffee, tea and all of the flavored sparkling water you can handle.
Some Meals Provided
Employees get free lunch during quarterly in-office Town Halls and some team meetings.
Happy Hours
Fitness Subsidies
Home Office Stipend for Remote Employees
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Continuing Education stipend
Variable.
Time allotted for learning
Online course subscriptions available
Paid industry certifications