Manager, Vulnerability Research

Job Overview

Rapid7’s security sciences division is looking for an experienced vulnerability research leader to help define and execute a research strategy that helps defenders get ahead of the curve, drives product and services innovation, and keeps Rapid7 top of mind for industry audiences. In addition to directly managing a small team of talented researchers, you’ll work with a skilled group of offensive security experts to define long-term priorities, evolve strategy where needed, and emphasize the importance of research to executive-level stakeholders.  

About the Team

Rapid7's vulnerability and exploit research team does industry-leading attack research that prioritizes and uncovers risk for organizations worldwide. Our researchers find and disclose zero-day vulnerabilities, write in-depth analyses of n-day bugs, identify patterns in emerging and established attack surface area, and help internal stakeholders, vendors, media, customers, and the public understand what's important, what's not, and why. We also drive company-wide emergent threat responses to widespread attacks that pose risk to customers, but we aren’t satisfied with a merely reactive approach to security research—we seek to identify and contextualize the vulnerabilities and attack vectors that will turn into tomorrow’s major threats.

About the Role

In this role, you will:

• Manage a small bench of skilled senior researchers, coaching and unblocking on day-to-day vulnerability analysis tasks; you’ll help prioritize, drive operational efficiencies, and conduct regular 1:1s and performance reviews to further develop our top-tier talent!

• Lead Rapid7’s external vulnerability disclosure program. You’ll work with researchers to develop summaries of new vulnerabilities, report them to vendors, reserve and populate CVEs, and coordinate public disclosures with Rapid7 teams and external vendors, ensuring compliance with Rapid7’s disclosure policy.

• Prioritize, review, and suggest refinements to team vulnerability root cause analyses, exploit and PoC implementations, and CVE impact assessments, drawing on public data and your own experience to help the team paint a clear, holistic picture of risk for common threat models. 

• Take an active operational role in triaging and prioritizing new CVEs that may qualify for customer-facing emergent threat responses; you’ll advise on process changes, write operational documentation, and/or implement automation that drives faster positive outcomes for customers and cross-team stakeholders.

• Assist in planning and delivering vulnerability intelligence blogs and long-form research reports, identifying patterns and attack vectors that spark conversation.

• Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain the value of research to executive-level stakeholders.

• Work with Labs leadership on long-term hiring plans to scale the global team in line with business priorities; hire and develop a small bench of junior talent in Rapid7 office locations (EMEA), inspiring and training the next generation of vulnerability researchers.

The skills you’ll bring include:

• 5+ years of hands-on experience in a vulnerability research or exploit development role; you have extensive experience and a clear point of view on vulnerability exploitation, patch diffing, native code analysis, and black-box testing. 

• Experience in a team lead or other research leadership role that includes management of both junior and senior researchers; experience managing across multiple time zones and countries is a big plus! 

• Demonstrable experience running or participating in coordinated vulnerability disclosure processes that require coordination with external partners as well as internal teams (e.g., researchers, vendors, customers, governments, PR agencies). You have both expertise and empathy where CVD is concerned and can help all parties find common ground while still championing scalable practices that showcase team expertise. 

• Expert knowledge of major vulnerability classes, attack techniques, and adversary profiles — and the ability to tell a story that connects them. Ideally you can point to public writing or speaking you’ve done on vulns and exploits (or other research or tooling you’ve delivered)

• Deep understanding of the challenges that security teams and global organizations face in today's threat climate

• Understanding of how urgency and importance can complement each other or detract from one another: Your work will fall into both categories, and you’ll need to know when to counsel patience vs. when to raise alarms.

We know that the best ideas and solutions come from multi-dimensional teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy — apply today.

About Rapid7

Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research–using these insights to optimize our products and arm the global security community with the latest in attackers methods. Trusted by more than 11,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what’s next.

#LI-JM2
#LI-HYBRID