Ever wonder what it's like to be part of Rapid7's vulnerability content team? Now's your chance! However, if you're not exactly sure what that means or are worried about mismatched expectations, then let me tell you a story.
This is a story about a fellow named Alex (fictional character; all resemblance is purely coincidental). Alex is a bright, enthusiastic lad with a keen interest in knowing what's going on in the security landscape. She's genuinely excited and curious (and equal parts worried) when new breaking exploits are released. The first thing that comes to her mind when a new 0-day drops is: “Whoa, our customers are going to be right to be concerned! How am I going to help them understand if they're at risk?” That's the kind of person Alex is. She'll immediately roll up her sleeves, grab a cappuccino at the office kitchen's fancy espresso maker, pull up some references in Ruby, and begin to investigate how to translate key aspects of the exploit so that Rapid7's InsightVM product can be used to help customers get the facts on the risk in their environment.
How does it all work? Well, that's part of the secret sauce! But for the sake of having an easy glance at some of the technology we use, here is an incomplete list:
XML/JSON (and XSD schemas)
XPaths & Regular Expressions
With those technologies, the problems we solve regularly involve understanding how to identify different products for what they are, how they're configured, and how systems respond when poked in different ways. Then we take that knowledge and build flexible and resilient software to do our bidding.
What we're looking for
You have grit - we're at the forefront of the creative world of exploits and vulnerabilities. Some days, we will have our work cut out for us. Some days it'll be quiet. But no matter what your task is, you're known as someone that's going to persevere and deliver your best.
You're pragmatic - everyone loves technology! You should too! But you also know that technology is a means to the end and the end we seek is customer value. Sometimes, the best choices aren't the shiniest choices and you're okay with that.
You're never done learning or growing - you'll make mistakes. But you're the kind of person that won't let them linger and will seek to learn from the experience.
You're a seasoned problem solver - when it comes to tackling problems big or small, you have a knack for breaking them down into decoupled, atomic pieces. You're not afraid of duplicating a bit of work in the pursuit of visible incremental steps.
You understand the importance of effective communication - You've worked a lot with various types of personalities. And from past experiences, you're discovering how the importance of effective communication is beginning to overshadow the importance of writing great code.
You're humble and confident - You're confident enough with your skills that you don't need to constantly prove that you're a rock star. And it's with that same confidence and humility that you know when to adjust and be flexible to the constraints set upon us by technology or, sometimes more importantly, the people we work with.
What's nice to have
You've lived and breathed multiple SDLC methodologies - from experiencing waterfall, Scrum and/or Kanban, you've come to learn of the benefits and pitfalls of all these approaches. With that, you've come out with a healthy appreciation of what the various artifacts have to offer in different situations.
You're a seasoned developer - when it comes to paradigms and ideals behind things like ETL, microservices, and being API-centric to solve problems, you've built yourself a good body of knowledge from being hands-on with your work. Now your keyword search skills are at another level.
You've dabbled in multiple languages - Ruby, Java, Go, Python. The list goes on and on because you've understood core principles underlying the different languages. But if your language of choice is already poetic Ruby, that'd be a welcome coincidence.
You navigate everything using a keyboard - You don't need a mouse to get to the text you're looking for. Regular expressions and XPaths (well, and keyboard shortcuts) are all you need!
Still interested? We'd love to hear from you!