Senior Security Researcher

Job not on LinkedIn

August 21

Apply Now

Receive Emails with Similar Jobs

Rapid7

WebsiteLinkedInAll Job Openings

Cybersecurity

Rapid7 is a cybersecurity company that provides a range of solutions designed to secure cloud, identity, and endpoint products. The company's Command Platform utilizes artificial intelligence to offer deep insights into cybersecurity threats and vulnerabilities. Rapid7's offerings include Managed XDR for continuous monitoring, detection, and incident response, as well as tools for attack surface management, vulnerability management, and threat intelligence. The company is known for its open-source projects like Metasploit and Velociraptor, which aid in vulnerability research and enhancing cybersecurity frameworks. Rapid7 also emphasizes community and culture, contributing to diversity, equity, and inclusion, and engages in public policy advocacy to strengthen cybersecurity on a broader scale. They serve over 11,000 global companies and deliver expert analysis on attack trends and emergent threats through Rapid7 Labs.

1001 - 5000 employees

Founded 2000

🔒 Cybersecurity

📋 Description

• Drive vulnerability discovery and analysis within Rapid7’s Vulnerability Intelligence team. • Research zero-day and n-day threats, develop exploits, publish root cause analyses, and collaborate across teams to provide defenders with actionable insights. • Lead coordinated vulnerability disclosures and rapid responses to major security incidents (Note: there is no on-call requirement for this role). • Perform and publish root cause analyses of high-priority vulnerabilities and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence. • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed. • We believe strongly that defenders benefit from having democratic access to offensive security capabilities in order to understand attacks and test their controls! • Conduct zero-day vulnerability research against popular enterprise technologies (e.g., network appliances, VPN gateways, CI/CD servers, file transfer and backup solutions, etc). • Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders. • The skills you’ll bring include: Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization, etc). • We don't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed. • Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits). • Hands-on experience reverse engineering, patch diffing, and developing exploits. • Prior experience developing Metasploit modules is a plus. • Prior experience reverse engineering at least one common enterprise software development language (e.g. Java, .NET, C/C++) is also a plus. • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc). • An instinct for where and how to obtain or emulate vulnerable software. • We can’t perform hands-on analysis without targets - sometimes we have lab targets, sometimes there are AMIs available, and sometimes we have to get creative. • Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.

🎯 Requirements

• Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization, etc). • We can't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed. • Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits). • Hands-on experience reverse engineering, patch diffing, and developing exploits. • Prior experience developing Metasploit modules is a plus. • Prior experience reverse engineering at least one common enterprise software development language (e.g., Java, .NET, C/C++) is also a plus. • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc). • An instinct for where and how to obtain or emulate vulnerable software. • We can't perform hands-on analysis without targets - sometimes we have lab targets, sometimes there are AMIs available, and sometimes we have to get creative. • Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.