Senior Security Researcher

The Senior Security Researcher is responsible for conducting research of new vulnerabilities for Rapid7’s InsightAppSec Dynamic Application Security Testing (DAST) scanner. The researcher will partner with the development team to develop new vulnerability detection modules.

About the Team

Our Vulnerability Management Practice helps enable full-cycle vulnerability management by automating the tedious and mundane manual tasks in traditional patching and remediation routines. InsightAppSec, a product within Rapid7’s Vulnerability Management Practice, performs black-box security testing to automate identification, triage vulnerabilities, and remediate application risk. Our team works on the scan engine, a web application security vulnerability scanner that is a major component of InsightAppSec. 

About the Role

The Senior Security Researcher is responsible for researching and staying up to date with the latest web vulnerabilities to partner with the development team to build new vulnerability detection modules for Rapid7’s DAST solution. 

In this role, you will:

• Research, design and partner with the development team to build new website and API vulnerability detection modules.

• Work closely with product management to help drive the direction of our DAST solution. 

• Provide expert analysis on critical vulnerabilities and threats. 

• Document and blog new vulnerability detection modules.

• Be the source of knowledge and expertise for the development team.

The skills you’ll bring include:

• 4+ years of experience in the cybersecurity industry in research or analyst roles.

• Independent researcher and natural leader with ability to lead ongoing efforts to build new capabilities and features while supporting existing ones.

• Expert knowledge of common operating systems, services, networking protocols, logging, attacker techniques and tools.

• A deep understanding of the current threat landscape including the latest tactics, tools, procedures, common malware variants and effective techniques for detecting malicious activity.

• Strong analytical skills with the ability to partner with development teams and apply critical insights.

• Excellent understanding of web technologies.

• Willingness to mentor and teach others what you know.

• Solid experience using interpreted languages (Python, Ruby, PHP, etc.).

Pluses:

• Previous experience working on security products.

• Experience with C++, C#.

We know that the best ideas and solutions come from multi-dimensional teams. Teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.

With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.