Find your next cybersecurity opportunity


Lead Security Researcher



Remote · United States
Posted on Thursday, December 21, 2023

Location: Remote (U.S.)

Lead Security Researcher - Vulnerability Research

Rapid7's vulnerability and exploit research team does industry-leading attack research that prioritizes and uncovers risk for organizations worldwide. We’re looking for an experienced vulnerability researcher to contribute to overall research strategy and execution, helping defenders get ahead of the curve on emergent threats and keeping Rapid7 top of mind for industry audiences. You’ll work with a skilled group of technical leads to define and deliver on long-term priorities, evolving strategy where needed.

About the Team

Rapid7 vuln researchers find and publish zero-day vulnerabilities, write in-depth analyses of n-day bugs, develop Metasploit modules, identify patterns in emerging and established attack surface area, and help internal stakeholders, media, customers, and the public understand what's hot, what's not, and why. We also drive company-wide emergent threat responses to widespread attacks that pose risk to customers, but we aren’t satisfied with a merely reactive approach to security research — we seek to identify and contextualize the vulnerabilities and attack vectors that will turn into tomorrow’s widespread threats.

About the Role

In this role, you will:

  • Work with the broader security research team to define and execute on longer-term research priorities across one or more key areas. This is intentionally open: We’re looking for someone who understands vulns, has a point of view on what matters to big swaths of enterprise orgs, and can pitch and develop impactful projects that help our customers and position Rapid7 as a leader in the threat and vuln research space.

  • Contribute technical trend analysis for Rapid7's annual and other research reports, identifying patterns and vectors that spark conversation across the community

  • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit as needed

  • Perform and publish root cause analyses of high-priority vulns and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence

  • Be a key advocate for our team's work in public speaking and industry engagements

  • Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain the value of research to executive-level stakeholders

The skills you’ll bring include:

  • A clear, specific point of view on vulnerabilities, attack surface area, and exploitation, including a broad understanding of common vulnerability classes and exploitation techniques. We don't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed.

  • Demonstrable experience finding high-impact zero-day vulnerabilities, writing about vulns and exploits, and speaking publicly about research and tools you've delivered (e.g., at conferences or on webcasts)

  • Media training or experience speaking to journalists is a big plus

  • Experience working cross-functionally and translating technical concepts — we're looking for someone who's comfortable being a go-to expert for lots of different audiences, especially during high-velocity, time-sensitive events where folks are looking to you for security expertise (think Log4Shell)

  • Deep understanding of the challenges that security teams and global organizations face in today's threat climate

  • Willingness to mentor and teach others what you know—you don't need to be a people manager, but clear communication and the ability to help more junior folks understand key concepts will contribute to your success!!

  • Understanding of how urgency and importance can complement each other or detract from one another: Your work will fall into both categories, but you’ll need to know when to counsel patience vs. when to raise alarms.

We know that the best ideas and solutions come from multi-dimensional teams. Teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research–using these insights to optimize our products and arm the global security community with the latest in attackers methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what’s next.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.