Senior Security Researcher

  • R7852
  • United Kingdom

Rapid7's vulnerability and exploit research team does industry-leading attack research that prioritizes and uncovers risk for organizations worldwide. We’re looking for an experienced vulnerability researcher to contribute to overall research team goals, helping defenders get ahead of the curve on emergent threats and keeping Rapid7 top of mind for industry audiences. You’ll work with a skilled group of technical and cross-team leaders who are highly collaborative and deeply embedded in the security community. 

About the Team
Rapid7 vuln researchers find and disclose zero-day vulnerabilities, write in-depth analyses of n-day bugs, develop Metasploit modules, identify patterns in emerging and established attack surface area, and help internal stakeholders,  customers, and the public understand what's hot, what's not, and why. We also drive company-wide emergent threat responses to widespread attacks that pose risk to customers, but we aren’t satisfied with a merely reactive approach to security research — we seek to identify and contextualize the vulnerabilities and attack vectors that will turn into tomorrow’s widespread threats.

About the Role

In this role, you will:

  • Work with the broader security research team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents (note: there is no on-call requirement for this role)

  • Perform and publish root cause analyses of high-priority vulns and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence

  • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed. We believe strongly that defenders benefit from having democratic access to offensive security capabilities in order to understand attacks and test their controls!

  • Conduct zero-day research on popular enterprise technologies (e.g., network appliances, security gateways, CI/CD servers, file transfer and backup software, core operating systems, virtualization technologies, etc)

  • Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.

The skills you’ll bring include:

  • Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization). We don't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed.

  • Experience producing vulnerability root cause analyses (or other technical writing on vulns and exploits).

  • Hands-on experience reverse engineering, patch diffing, and developing exploits; prior experience developing Metasploit modules is a plus.

  • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc)

  • An instinct for where and how to obtain or emulate vulnerable software. We can’t perform hands-on analysis without targets—sometimes we have lab targets, sometimes there are AMIs available, and sometimes we have to get creative.

  • Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.

We know that the best ideas and solutions come from multi-dimensional teams. Teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

#LI-JM2
#LI-REMOTE

Security and Compliance
Rapid7 is committed to keeping customers secure. As a first line of defense, all employees are expected to uphold the highest standards of security and privacy, ensuring the protection of sensitive information and compliance with relevant regulations.

Apply Now

Not You?

We have emailed you a code to verify your identity. Please check your spam/junk folder if you don't receive the email in your inbox.

Application loading...

 

Jobs you may be interested in

Enterprise Security Sales Engineer - Dallas

R9105 TX United States TX, United States Sales Engineering Sales Engineering Full_time JOB_LEVEL-3-11
As a Senior Sales Engineer at Rapid7, you will partner closely with our Sales team as the technical point of contact to new and existing customers across all of Rapid7’s award winning solutions. If you are comfortable going toe-to-toe in a technic...

Senior Security Solutions Engineer

R8830 Tokyo Japan Tokyo, Japan Sales Engineering Sales Engineering Full_time JOB_LEVEL-3-11
As we continue to expand our presence in Japan, we are seeking a highly skilled and motivated Cyber-Savvy Sales Engineer to join our dynamic team. In this role you will partner closely with our Sales team as the technical point of contact to new a...

Senior Talent Acquisition Partner APJ

R9043 Melbourne Australia Melbourne, Australia People Strategy People Strategy Full_time JOB_LEVEL-3-24
We are looking for a driven and results focussed Talent Acquisition Partner to own recruitment across our APJ region. You will have a strong background in hiring both technical and non technical talent and be comfortable recruiting in volume and a...

Detection & Response Analyst

R9081 Belfast United Kingdom Belfast, United Kingdom Security Services Professional Services Full_time JOB_LEVEL-3-23
We are seeking someone with a passion for cyber security to join our team in Belfast. As a SOC Analyst with Rapid7 you will work with Rapid7’s advanced tools to investigate and triage high priority security events. Working with Rapid7’s Tactical O...

Apply Now

Not You?

We have emailed you a code to verify your identity. Please check your spam/junk folder if you don't receive the email in your inbox.

Application loading...