Security Engineer II

VA Arlington 22203


VA Arlington 22203


Security Services

Location: Arlington, VA (Potential consideration for Dublin or Melbourne, Australia) 

Team: Managed Services 


Role Overview:

Have you worked in or with a SOC before and found significant success solving team-wide problems via writing scripts and/or standing up infrastructure? Have you developed in a fast-paced DevOps style manner that knows how to solve for today and iterate to perfection? Can you derive, and help others derive, meaning from mangled and obfuscated data (i.e. parse and display forensic artifacts, obfuscated PowerShell, Raw hex, Base64, Rot13)? If given API access, can you ruthlessly interrogate it to derive valuable information? 

Rapid7 is looking for security practitioners with engineering skills or engineers/coding professionals with information security skills to support Rapid7's Managed Services teams (MDR, IR, TIDE, MAS, MVM, etc). 

This role is looking for someone that lives for the development of fast and practical tools and applications that solve the SOC  problems of today, plan for the SOC problems of tomorrow, and acts as a true force multiplier for front-line security practitioners (24x7 SOC analysts, threat hunters, IR consultants, ). Your ability to successfully carry out the core functions of this role will require strong communication skills, high ops-tempo, and unwavering sense of self-accountability. 


  • Take initiative in making the hunt for evil less taxing on the SOC  

  • Maintain a strong sense of urgency and integrity in your work. 

  • There is an expectation for continuous progress and "picking up a shovel."  Always work smarter, it's not just code: fix inadequate processes, teach, present, etc.

  • We can train you to communicate solutions and outcomes cleanly and clearly, but we don't promote "salesmanship" in technical work.

  • Perform research and enhance skills to solve the underlying problems vs. closing tickets “to spec”.

  • Even if you haven't already implemented it before, the expectation of this hire would be to understand when and why people choose the following:

    • Terraform vs cloud formation

    • SQS vs Cloudtrail triggers for Batch vs. Lambda

    • Postgres vs. Mongo vs. Elastic, 

    • Whonix vs. Cuckoo vs. SIFT. 


Writing code in Python, Django, Flask, Javascript, Angular, React, Golang while:

  • Aligned to the SOC's needs

    • Data Analysis: Pandas, PostgreSQL, MongoDB, Elastic, and any AWS corollaries

    • Data Delivery: DBs/Forensic Artifacts/etc <-> JSON, CSVs, Datatables

    • Data Accessibility: API-first, scripts/CLI tools, web apps, controlled cloud access (AWS)

    • Data Relevance: what data the SOC needs, why they want it, and how they need it

  • Deploying at a high cadence (DevOps):

    • CI/CD: Github -> Jenkins (Chef, Saltstack, Ansible, Puppet experience also works)

    • IAC: Terraform (Cloudformation, etc also works)

    • Several deployments per person, per week

  • Testing Practically: 

    • programmatic: unit tests

    • functional: locally with docker instances and dev. environments

    • live: you're not done after a prod deploy. Log monitoring & rotating on-call. Think SRE


  • Unlimited vacation

  • Shared working spaces

  • Flexible work hours

  • 401k matching

  • Work from home flexibility (case by case basis)

  • Weekly learning sessions on voted topics regarding ongoing attacker campaigns and new tech.

  • Spare work cycles for R&D and personal growth