We are looking for a driven Vulnerability Intelligence Program Manager to lead Rapid7’s response to emergent threats and coordinated vulnerability disclosures, helping shape how the industry understands and responds to risk. In this role, you’ll sit at the center of high-impact, time-sensitive security events—managing cross-team response efforts, leading vendor and third-party coordination, and ensuring clear, accurate communication to customers and the broader community. If you thrive at the intersection of vulnerability research, operations, and storytelling, and want to make a meaningful impact on how defenders stay ahead of evolving threats, this role offers a unique opportunity to do exactly

About the Team

Rapid7’s Vulnerability Intelligence team leads industry research to uncover and prioritize risks for organizations worldwide. Our researchers discover and disclose zero-day vulnerabilities, analyze n-day vulnerabilities, develop Metasploit exploit modules, and identify patterns in emerging attack surfaces. Beyond driving coordinated responses to major incidents, the team provides actionable insights that help defenders stay ahead of evolving threats—proactively shaping understanding of today’s risks and tomorrow’s attack vectors.

About the role

As a Vulnerability Intelligence Program Manager, your primary responsibility will be to lead and scale Rapid7’s coordinated response to emergent threats and vulnerability disclosures, ensuring timely, effective, and responsible engagement across teams and with external partners. Specifically, your focus will be to:

• Program manage Rapid7’s Emergent Threat Response program, driving and growing Rapid7’s cross team response to widespread threats.

• Program manage Rapid7’s Coordinated Vulnerability Disclosure program, shepherding each disclosure from initial outreach through final public release and ensuring thoughtful adherence to Rapid7’s coordinated disclosure policy. 

• Lead vendor outreach and communication for external vulnerability disclosures directly, including ongoing vendor negotiations, third-party involvement (e.g., from CERTs or IR firms), and customer-ready messaging.

• Copy-edit and publish vulnerability disclosure blogs on Rapid7-discovered issues and response blogs for emergent threats, working with our PR, Labs, and product teams to make sure each blog tells a coherent, compelling story and includes relevant Rapid7 customer information. 

• Create and maintain operational documentation for the programs you manage.

• Be an advocate for both CVD and ETR within Rapid7 and across the broader community.

The skills and qualities you’ll bring include:

• A strong understanding of the context and ecosystem surrounding enterprise software vulnerabilities. Prior experience as a vulnerability analyst is a plus. We are not looking for a background in technical vulnerability research, but understanding what matters, what doesn't and why are important.

• Strong communication skills and experience working across teams and functions to drive operations for complex and time sensitive programs.

• Experience conducting coordinated vulnerability disclosure (CVD) operations, particularly with external vendors and industry bodies; experience conducting complex multi-party disclosure negotiations with government or CERT involvement is a big plus.

• A strong understanding of how the CVE ecosystem and associated metadata work (CVSS, CWE, etc.).

• The ability to both write and copy-edit written material about vulnerabilities and exploitation with accuracy and specificity, conveying complex and nuanced topics to a broad audience.

• Understanding the benefits and challenges of vulnerability disclosure and response, including the political and media climate around CVEs, exploits, and threats.

• Curiosity and openness to understanding the why behind change, actively driving progress with a forward-looking mindset.

• Accountability for delivering outcomes and meeting commitments by establishing ownership, clear roles, and shared expectations across teams and projects.

• Ability to build and leverage a global network, working across boundaries to drive sustainable improvements that create lasting business and customer value.

• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. 

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

#LI-SIM

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ ve been doing for the past 20 years. If you ’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.