Manager, Security Engineering - Application Security

US - MA - Boston

Location(s)

US - MA - Boston, US - CA - Los Angeles, US - TX - Austin, US - CA - San Francisco, Northern Ireland - Belfast

Team(s)

Information Security


Manager, Security Engineering - Application Security

At Rapid7, we're on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations. 

Our internal Information Security team plays a crucial role in supporting our mission: we're heavily focused on removing barriers to great security by partnering with other teams to reduce risk so we can sustainably deliver on our mission to our customers. On top of that, we get to “eat our own dogfood” as Rapid7's Customer Zero: we use all of our products to advance our security program, and we provide valuable feedback about how to improve our products for our and our customers' benefit.

We're looking for a Security Engineering Manager to lead our Application Security team, who empower our employees to deliver secure applications at scale so our company and customer data/systems are protected from compromise. Our Application Security team partners closely with our Platform Delivery (DevOps), Software Engineering, Product Management, and IT teams to provide security guard rails that seamlessly integrate with our SDLC in ways that make it easier for engineers to deliver secure applications and reduce risk to our customers and company. 

Your profile

Are you looking for a new opportunity to channel your application security expertise into providing a vision and strategy for a team of security engineers to execute on? Are you excited to scale the positive impact you want to have on the security world by leading a team of talented security practitioners? Do you eagerly seek out and embrace feedback from perspectives different from your own? 

If you've been answering “yes” to these questions, then you might be the person we're looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company. 

What you'll do

  • Lead an application security engineering team responsible for code security, secure SDLC, secure application architecture, and application configuration hardening

  • Partner with our IT, DevOps, Software Engineering, Product Management, and other Information Security teams throughout the application lifecycle 

  • Build positive relationships with partner teams to continuously improve our application security strategies and priorities for protecting our customers and company

  • Curate metrics to demonstrate the effectiveness of our application security program and inform continuous program improvements

  • Work closely with Security Engineering leadership to evolve and maintain the vision, strategy, and roadmap for our application security program

  • Provide feedback and recommendations to product teams on ways to improve Rapid7's products and partner ecosystem

  • Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives

What you'll bring

  • Experience managing security teams or engineering teams

  • Knowledge of secure web application architecture

  • Experience implementing application security tools (SCA, SAST, RASP, WAF, DAST)

  • Experience developing software using Java, JavaScript, Go, and/or Python

  • Experience with threat modeling using frameworks such as STRIDE and tools such as ThreatDragon, pytm, ThreatSpec, Threagile, etc.

  • Experience implementing microservice-based web applications with modern cloud infrastructure services, especially in AWS

  • Experience using container and container orchestration technology (Docker, Kubernetes)

  • Experience with CI/CD tools (Jenkins, Spinnaker)

  • Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams

  • Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity and desire to challenge conventional approaches to solving problems

Pluses

  • Experience with DevOps tooling, such as Terraform, Chef, or Puppet

  • Experience with securing Docker, Kubernetes, or other containerization technologies

Equal Opportunity Employer 

Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it's the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!