Senior Software Engineer

We are seeking a Senior Software Engineer to join our VM Policy Content team, responsible for building and maintaining security configuration compliance content across operating systems and applications. This role focuses on developing high-fidelity policy checks aligned to industry benchmarks such as CIS, ensuring accuracy, scalability, and low false-positive rates across customer environments.

About the Team

The VM Policy Content team develops and maintains security configuration compliance content used by customers to assess operating systems and enterprise applications against industry benchmarks such as CIS and DISA STIG. Our work directly impacts customer trust by ensuring accurate, reliable, and scalable compliance assessments within the vulnerability management platform.

About the Role

As a Senior Software Engineer, your primary responsibility will be to design, develop, and maintain security policy content that powers automated compliance assessments for operating systems and enterprise applications. Specifically, your focus will be to:

• Design, build, maintain, and release well-architected services, writing clean, correct, and maintainable code while making sound design decisions and tradeoffs

• Develop and maintain benchmark-aligned policy checks using Python and XML-based standards

• Translate CIS benchmark guidance into accurate, testable, and scalable detection logic

• Improve policy reliability by reducing false positives, identifying defect patterns, and strengthening deterministic evaluation logic

• Take an active role in feature design and planning, contributing as a key stakeholder throughout the development lifecycle

• Partner with Product Management, UX, QA, and Support to ensure customer requirements are well understood and effectively implemented

• Mentor and coach junior engineers by providing technical guidance, conducting code reviews, and promoting engineering best practices

• Develop deep product knowledge to support complex customer scenarios and troubleshooting needs

The skills and qualities you’ll bring include:

• 5+ years of experience in software development with strong hands-on expertise in Python, and working knowledge of Java in enterprise environments.

• Strong problem-solving ability with experience debugging complex logic and edge cases

• Clear and effective technical communication across engineering and non-engineering stakeholders

• Demonstrated ownership mindset with the ability to drive work independently in ambiguous environments

• Experience mentoring or coaching junior engineers through code reviews, technical guidance, and knowledge sharing

• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

• Developing automation, transformation, and parsing logic using Python

• Working with structured data formats such as XML (e.g., XCCDF, OVAL, SCAP or similar schemas)

• Interpreting and implementing security configuration benchmarks (CIS & DISA STIG)

• Designing deterministic logic to evaluate operating system and application configurations

• Testing frameworks such as PyTest (Python) or JUnit (Java)

• CI/CD pipelines using Jenkins

• Debugging and resolving complex defects in production systems

• Working knowledge of Linux, Mac and/or Windows operating systems

• Experience developing and testing against virtual machine environments

• Familiarity with security, compliance, or vulnerability management tooling

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ ve been doing for the past 20 years. If you ’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.