: Director, Security Operations

Company Description

Rapid7 (NASDAQ: RPD) is helping organizations around the globe advance securely. Our technology, services, and community-focused research simplify complexity for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. With more than 9000 customers across 120+ countries, Rapid7 is a recognized leader in cybersecurity that has proudly earned numerous industry accolades and strong recognition for our technology and culture. Learn more at www.rapid7.com.

Our Mission

By continuously improving our technology, stemming the creation of risk in the community, and making security more usable and accessible, Rapid7 enables technology professionals to gain the clarity, command, and confidence they need to safely drive innovation and protect against risk. Our product suite helps organizations to quickly predict, deter, detect, and remediate attacks and obstacles to productivity.

The Opportunity

What if security was an opportunity and not an obstacle? What if it wasnt a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that too.

Just like many of our customers, as Rapid7 continues to grow, so does our attack surface. Thats why were looking for an amazing leader to join us as our Director of Security Operations reporting to the Chief Security Officer. Youre the kind of person who wants to lead and support a high-functioning security operations team and evolve it into a world-class operation. Youll level up our defensive security operations (including vulnerability management, threat detection, and incident response) in partnership with team leaders in those areas. On top of that, youll build a new offensive security operations program (including attack simulations against our companys applications, infrastructure and more) to ensure were continuously tested and prepared to defend against attacks from threat actors. Youll do all of this in collaboration with your partner teams across the company, both inside and outside InfoSec. Also, have you ever wondered what it's like to work on a security team at a security company? (Hint: it's kind of amazing.)

Are you looking for a new opportunity to channel your security, technology, and leadership expertise into supporting and developing a talented team of security practitioners? Do you believe security should empower people to do their work safely and productively, with guardrails and not gates? Are you a security optimist, recognizing that humans are the most important part of the solution rather than the weakest link in the chain? Do you find yourself daydreaming about new solutions to old problems?

If youve been answering yes to these questions, then you might be the person were looking for! Keep reading to learn more about this unique opportunity.

The Role

We are looking for someone who can lead our maturing SecOps organization and evolve it as an industry leader, providing an example of how we provide great experiences both for our internal stakeholders and external customers by identifying, managing and reducing risk to businesses most sensitive data. This person will have responsibility for:

  • Leading, supporting, and advocating for a highly motivated defensive security operations team, with disciplines in vulnerability risk management, threat detection, and incident response

  • Building a new offensive security operations team

  • Providing mentorship and career development opportunities for the team, enabling them to scale

  • Defining the long-term vision, strategy, and roadmap for our security operations group, prioritizing automation every step of the way

  • Building positive relationships with partner teams to continuously improve our strategies for protecting our customers and company

  • Partnering with our CSO on strategic direction of security operations to meet the needs of the business

  • Communicating complex topics in ways everyone can understand, from technical team contributors to C-level executives

  • Positively influencing the culture of security at Rapid7

  • Addressing escalation from principal staff and managers

Qualifications and Traits

  • 5+ years leading, developing, and recruiting managers and technical teams, preferably in defensive and offensive capacities

  • 9+ years of experience in InfoSec, preferably in penetration testing, red teaming, threat detection, incident response, and/or vulnerability management

  • A passionate people leader who can lead teams of teams and focuses on growing and developing talent

  • Comprehensive experience defining and/or building metrics to measure and improve the effectiveness of security controls

  • Ability to balance strategic vision for the future with the technical competence to lead the execution

  • Outstanding communication and cross-functional partnering skills

  • Comprehensive knowledge of Infrastructure-as-a-Service security concepts/best practices, especially AWS

  • Deep experience defining and/or building highly automated security processes, playbooks, controls, etc.

  • Deep experience of threat hunting & deception techniques

  • Deep knowledge of tactical, operational and strategic intelligence areas

  • Expert knowledge of network traffic analysis (Netflow, Full Packet Capture, DPI)

  • Expert knowledge of responding to computer incidents and computer misconduct investigations

  • Expert knowledge of adversaries tactics, techniques, and procedures (TTPs) and how they may impact the organization

  • Comprehensive understanding of cloud incident response processes

  • Comprehensive understanding of how to acquire and analyze digital forensic information

  • Working knowledge of software engineering principles applied to security practices (e.g. detection engineering, security as code, unit/regression/integration tests, security guardrails)

  • The ability to carefully balance staying the course with guiding your managers and teams plans when new information and priorities arise

  • Comprehensive knowledge of project ownership and excellent time and task management skills

Additional

  • Experience developing software tooling to solve custom problems

  • Experience using Rapid7 products (InsightVM, InsightIDR, InsightConnect, and/or Metasploit)

  • Experience using Agile principles and work management frameworks (e.g. Scrum) for security work

  • Preferred locations: Boston, MA; Arlington, VA; Belfast, UK; Austin, TX; Los Angeles, CA

Full-time

Employee Testimonials

James Green
Senior Director, Software Engineering

"My favorite memory of being a 'Moose' is our first ever company-wide hackathon in Cambridge. After a fun–filled week for the company kick-off, we still managed to deliver, through the night, on some amazing ideas."

Brett Garofalo
Manager, Mid-Market Sales

"I am not a natural–born salesperson or leader. Rapid7 gave me the mentorship opportunities and leeway to develop those skillsets. Having the support of my management allowed me to take risks and learn from mistakes instead of being tentative and afraid to put myself out there."

Aniket Menon Rapid7
Aniket Menon
Director, Product Management

"I love the infectious energy and fast–paced nature of the job. Unrelenting progress towards becoming the #1 company in Cyber Security. The sheer number of Products and Services we have launched in the last two years is a staggering achievement."

Dennis Nahas Rapid7
Dennis Nahas
Manager of Engineering, IT Devops

"The most fulfilling moments are seeing our products name dropped in the security press, knowing we all contributed to that."

Chris Wallace Rapid7
Chris Wallace
Director, People Strategy

"It's pretty cool to look around the room and know that I played a part in making all of that happen, and that I hopefully helped those people move into a role that they find really rewarding and exciting. Especially in a company where they in turn can have a big impact and take their careers to the next level. The fact that they are all good people, and that we all manage to have a bit of fun in the process, helps too."

Roy Hodgman Rapid7
Roy Hodgman
Manager, Data Scientist

"I feel that [our core value for] continuous learning best represents me because it's been essential to my career here. There are no shortage of tools and techniques that can be applied to the projects I work on, and despite what I think I might know about the problem at hand, more often than not there are new and novel ways to approach it."