Are you a Security Engineer who is enthusiastic about making a measurable impact through delivering innovative threat and risk management solutions? Are you inspired to improve such experiences to help internal partners better manage their security posture? Do you want to join a global technology company with a strong foothold in the cyber security industry with a rich people-centric culture? Explore our Lead Security Engineer Role below….
As a Security Engineer within Rapid7’s internal Infosec team, you’ll be uniquely positioned to demonstrate risk at both a product and organizational level. By collaborating closely with our Governance and Program Management security teams, you will be on the ground floor of orchestrating and implementing threat and risk management experiences which will go on to be consumed at scale by internal remediation partners. Furthermore, as our internal threat and risk system architecture evolves, you will have a critical role in automation and configuration engineering.
About the team
Rapid7 continues to grow, and so does our attack surface. That’s why we’re looking for a Lead Security Engineer to join our Security Engineering team. The Security Engineering team uses data engineering to power security metrics in order to drive accountability for continuous risk reduction and maturity. This role will partner closely with our Platform Delivery (DevOps), Software Engineering, and IT teams to implement, maintain, and integrate holistic threat and risk management tools in support of our internal teams executing mitigation processes.
About the role
Are you an engineer with a passion for scalable solutions to threat and risk management problems and helping your fellow security practitioners do the same? Do you believe security should empower people to do their work safely and productively? Are you a security authority, recognizing that humans are the most important part of the solution rather than a risk to be mitigated? Do you find yourself wanting to create novel and unique security user experiences?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading to learn more about this unique opportunity to work on a security team at a security company.
The Security Engineering team is looking for a qualified individual to join the group and assist in delivering state-of-the-art threat and risk management user experiences. This role will focus heavily upon automation pipelines and vulnerability tool implementation. You will help ensure that Rapid7’s broader Information Security team is appropriately equipped in their ability to quantify both strategic and tactical risks.
In this role, you will:
Build security metrics for all of our security programs (threat and risk detection) in partnership with internal program management and other InfoSec teams
Maintaining, integrating, and administering our full stack threat and risk management tools (DAST, SAST, SCA, network vulnerability scanner) to support internal teams which drive our vulnerability and risk management operations
Security data aggregation, correlation and manipulation. Experience working with data sovereignty related compliance frameworks.
Deep understanding of the threat and risk management tool ecosystem with an ability to configure and automate.
Mentor team members around security, engineering, and collaboration best practices
Build positive relationships with partner teams to continuously improve our strategies for protecting our customers and company
Communicate complex topics in ways everyone can understand, from technical team contributors to non-technical C-level executives
Positively influence the culture of security at Rapid7
The skills you’ll bring include:
Familiarity building data pipelines, dashboards, and executive risk/vulnerability experiences.
Experience administrating and architecting data export pipelines from threat and risk management tools
Experience with SQL or other data query languages including security metrics with business intelligence tools
Experience with programming languages and APIs, especially for extracting, transforming, and loading data from disparate systems into unified data sets
Experience in software development, especially by using web APIs and Python
Excellent time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams
Excellent ability to communicate to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity & desire to challenge conventional approaches to solving problems
Nice to haves:
Experience with Tableau, AWS Lakeformation, or other enterprise data warehousing solutions
Experience in cloud automation tools such as Terraform, CloudFormation, Ansible, Puppet, Chef, etc.
Experience with policy-as-code frameworks such as Terraform Sentinel, CFN Guard, OPA, Checkov, etc.
We know that the best ideas and solutions come from multi-dimensional teams. Teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research–using these insights to optimize our products and arm the global security community with the latest in attackers methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what’s next.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookie we will not know when you have visited our site, and will not be able to monitor its performance.