Rapid7: Security Governance Analyst II
Rapid7
120 Causeway Street
Boston, MA 02114


Security Governance Analyst II

Location: Boston, MA

Team: Information Security

Role Overview:

This role is for someone who is looking to develop their information security knowledge by contributing to Security Trust & Governance operations. An information security and/or information technology background would set you up for success in this position. Your ability to successfully carry out cross-functional work will require strong communication skills, patience, and a solution-oriented attitude.

You'll join us in our brand new North Station HQ and work with an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your ongoing career development.

Day In The Life:

The Sales team wants to purchase a new enablement solution, and you're responsible for conducting a security assessment of the tool they've selected. You start the day by meeting with a Sales manager to discuss how the tool would be used, what data it would process, and what integrations would be required. This context is critical to understanding how the tool might introduce risk to Rapid7. Later today, you'll review the documentation provided by the vendor to determine whether they have adequate security controls in place based on the scope of our potential engagement.

You check your ticket queue and see that you've received some security and privacy questions from a customer. You're able to answer most of them by referring to Rapid7's policies, and you send the remaining questions over to a team member in Product Security, ensuring they have enough context to address them thoroughly.

After lunch, you spend a couple of hours on a project you've been chipping away at -- automating a process to pull some SOC 2 audit evidence in order to speed up the process for a control owner in IT.

Before you head out for the day, you check in to see if application owners have completed their quarterly access reviews. You notice that one of the application owners stopped in the middle of his review, so you send him a Slack message to see if he'll be able to finish his review this week to keep the process on track. He mentions he paused after getting confused about something he saw in the access re-certification tool. You walk over to his desk and sort out his question with him so he can complete his review.

Responsibilities:

  • Assist in third-party risk management efforts by performing security assessments of potential Rapid7 partners/vendors. This requires considering elements such as the architecture of computer information systems, the sensitivity of data that will be processed, the vendor's overall security program maturity, and any aspect of the engagement that could introduce risk to Rapid7.

  • Address questions about Rapid7's internal security program from customers, prospects, and auditors. This will often require working with other members of the Information Security team, and with other Rapid7 teams, including Engineering, Product Management, Content Strategy, and Legal.

  • Assist senior members of the security team with tasks related to:

    • Aiding in security awareness and culture initiatives throughout the company

    • Compliance and privacy program maintenance

    • Workflow improvements

    • Identity and access management maintenance

Requirements

  • 2+ years of experience in information security, information technology, data privacy, or an adjacent field.

  • Strong project management abilities, including the ability to coordinate initiatives across technical and non-technical teams/stakeholders and to manage distributed teams and projects.

  • Ability to work effectively with both technical and business executives.

  • Strong communication and organizational abilities.

Preferred Qualifications

  • Experience in information security and/or information technology.

  • Understanding of certification and accreditation/auditing activities, and security control frameworks.

Full-time

Employee Testimonials

James Green
Director of Engineering, Engineering, Software Development

"My favorite memory of being a 'Moose' is our first ever company-wide hackathon in Cambridge. After a fun-filled week for the company kick-off, we still managed to deliver, through the night, on some amazing ideas."

Brett Garofalo
Manager, Mid-Market Sales

"I am not a natural-born salesperson or leader. Rapid7 gave me the mentorship opportunities and leeway to develop those skillsets. Having the support of my management allowed me to take risks and learn from mistakes instead of being tentative and afraid to put myself out there."

Aniket Menon
Manager, Enterprise Deployments

"I love the infectious energy and fast-paced nature of the job. Unrelenting progress towards becoming the #1 company in Cyber Security. The sheer number of Products and Services we have launched in the last two years is a staggering achievement."

Dennis Nahas
Systems Administrator

"The most fulfilling moments are seeing our products name dropped in the security press, knowing we all contributed to that."

Chris Wallace
People Strategy Manager

"It's pretty cool to look around the room and know that I played a part in making all of that happen, and that I hopefully helped those people move into a role that they find really rewarding and exciting. Especially in a company where they in turn can have a big impact and take their careers to the next level. The fact that they are all good people, and that we all manage to have a bit of fun in the process, helps too."

Roy Hodgman
Data Scientist

"I feel that [our core value for] continuous learning best represents me because it's been essential to my career here. There is no shortage of tools and techniques that can be applied to the projects I work on, and despite what I think I might know about the problem at hand, more often than not there are new and novel ways to approach it."