Lead Security Engineer, Cloud Security

What if security was an opportunity and not an obstacle? What if it wasn't a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that too. At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around the challenges and successes of cybersecurity. Our products and services empower 9000+ customers across 120+ countries to seamlessly build security into the heart of their organizations.

But as Rapid7 continues to grow, so does our attack surface. Rapid7's internal security team is in a unique position to use our own products to secure our company's growing attack surface, and then share our learnings with our customers to help them achieve their security outcomes more effectively. That's why we're looking for a Lead Security Engineer to help us break new ground in a hybrid role that both secures our cloud infrastructure and helps our customers secure theirs using DivvyCloud. This role will report into Security Engineering within our Information Security group while also being embedded with our DivvyCloud team. Roughly 75% of your time will be spent on internal security work and the remaining ~25% of your time will be spent helping DivvyCloud customers.

Your profile

Are you passionate about building scalable solutions to cloud security problems and helping your fellow security practitioners do the same? Do you believe security should empower people to do their work safely and productively, with guardrails and not gates? Are you a security optimist, recognizing that humans are the most important part of the solution rather than the weakest link in the chain? Do you find yourself daydreaming about new solutions to old problems?

If you've been answering yes to these questions, then you might be the person we're looking for! Keep reading to learn more about this unique opportunity to work on a security team at a security company.

The Role

  • Develop secure-by-design cloud infrastructure configurations/policies to prevent new cloud security issues

  • Build automation workflows to alert on & remediate new/existing cloud security issues

  • Collaboratively develop & implement secure system designs that empower teams to deliver results safely

  • Develop custom features/content for DivvyCloud to both improve customer outcomes & internal security

  • Provide expert advice to external customers on their DivvyCloud deployment/adoption & overall cloud security practices

  • Evangelize externally about cloud security & DivvyCloud best practices (via blogs, webinars, etc.)

  • Build positive relationships with partner teams to continuously improve our strategies for protecting our customers and company

  • Communicate complex topics in ways everyone can understand, from technical team contributors to non-technical C-level executives

  • Mentor team members around security, engineering, and collaboration best practices

  • Positively influence the culture of security at Rapid7

Qualifications and Traits

  • 4+ years securing cloud infrastructure (especially AWS), using infrastructure-as-code, compliance-as-code, and/or secure design policies to prevent new issues & auto-remediation workflows to clean up existing issues

  • Comprehensive experience securing cloud infrastructure used to run web applications

  • Strong experience in software development, building & integrating tools, especially with web APIs & Python

  • Experience with configuration management tools like Chef, Puppet, or Ansible

  • Experience with infrastructure-as-code using Terraform, Pulumi, or CloudFormation

  • Excellent time management & prioritization skills with a strong ability to plan, prioritize, and execute projects in coordination with other teams

  • Excellent ability to communicate to technical & non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity & desire to challenge conventional approaches to solving problems


  • Experience developing custom software tooling to solve security problems

  • Experience with GCP or Azure

  • Experience with containerization technology (Docker, Kubernetes)

  • Experience using DivvyCloud

  • Experience performing continuous threat modeling using frameworks such as STRIDE and tools such as Threat Dragon, Pytm, Threatspec, Threagile, etc.

  • Preferred locations: Boston, MA; Belfast, UK; Arlington, VA; Austin, TX; Los Angeles, CA; San Francisco, CA



Employee Testimonials

James Green
Senior Director, Software Engineering

"My favorite memory of being a 'Moose' is our first ever company-wide hackathon in Cambridge. After a fun-filled week for the company kick-off, we still managed to deliver, through the night, on some amazing ideas."

Brett Garofalo
Manager, Mid-Market Sales

"I am not a natural-born salesperson or leader. Rapid7 gave me the mentorship opportunities and leeway to develop those skillsets. Having the support of my management allowed me to take risks and learn from mistakes instead of being tentative and afraid to put myself out there."

Aniket Menon
Director, Product Management

"I love the infectious energy and fast-paced nature of the job. Unrelenting progress towards becoming the #1 company in Cyber Security. The sheer number of Products and Services we have launched in the last two years is a staggering achievement."

Dennis Nahas
Manager of Engineering, IT Devops

"The most fulfilling moments are seeing our products name dropped in the security press, knowing we all contributed to that."

Chris Wallace
Director, People Strategy

"It's pretty cool to look around the room and know that I played a part in making all of that happen, and that I hopefully helped those people move into a role that they find really rewarding and exciting. Especially in a company where they in turn can have a big impact and take their careers to the next level. The fact that they are all good people, and that we all manage to have a bit of fun in the process, helps too."

Roy Hodgman
Manager, Data Scientist

"I feel that [our core value for] continuous learning best represents me because it's been essential to my career here. There is no shortage of tools and techniques that can be applied to the projects I work on, and despite what I think I might know about the problem at hand, more often than not there are new and novel ways to approach it."