Information Security • Vulnerability Management • Penetration Testing • Compromised User Detection • Mobile Risk Management
1001 - 5000
October 26
Information Security • Vulnerability Management • Penetration Testing • Compromised User Detection • Mobile Risk Management
1001 - 5000
• Work with the broader security research team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents (note: there is no on-call requirement for this role). • Perform and publish root cause analyses of high-priority vulns and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence. • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed. • Conduct zero-day research on popular enterprise technologies (e.g., network appliances, security gateways, CI/CD servers, file transfer and backup software, core operating systems, virtualization technologies, etc). • Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.
• Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization). • Experience producing vulnerability root cause analyses (or other technical writing on vulns and exploits). • Hands-on experience reverse engineering, patch diffing, and developing exploits; prior experience developing Metasploit modules is a plus. • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc) • An instinct for where and how to obtain or emulate vulnerable software. • Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.
Apply NowOctober 25
1001 - 5000
Compliance Analyst for Marigold managing external compliance to standards like SOC2.