Lead Security Compliance Engineer

US - MA - Boston

Location(s)

US - MA - Boston

Team(s)

Information Security


What if security was an opportunity and not an obstacle? What if it wasn't a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that, too! At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.

Partnering with our customers to build lasting trust is essential to our joint success. That's why we're looking for a Lead Security Compliance Engineer to join our Trust & Security Governance team, focusing on our policy and compliance related programs. This role will partner closely with our Platform Delivery (DevOps), Software Engineering, and IT teams to deliver on the program goals.

Responsibilities

  • Educate partner teams on compliance programs, workflows, and processes including upcoming changes

  • Perform risk assessment and control gap analysis against policies and standards such as ISO, SOC 2, PCI, FedRAMP, and NIST 

  • Create, organize, and articulate summarized risk findings that are clear and actionable by partner teams

  • Work closely with partner teams to deliver policy and compliance requirements in ways that are cost effective, align with business objectives and comply with security standards

  • Design, develop, and implement automation for continuous control monitoring, administrative tasks, and metric reporting for all security compliance programs

  • Monitor environments to verify the effectiveness of security controls and identify areas for improvement

  • Maintain knowledge of Rapid7's products, environment, systems, and architecture

  • Maintain knowledge of industry trends and security landscape to drive roadmap and continuous program evolution

  • Create and maintain solutions to automate the discovery and remediation of noncompliant resources

  • Support internal and external auditors or advisors as needed

Qualifications

  • Experience implementing compliance-as-code approaches and tools, such as Chef InSpec, Terraform Sentinel, CFN Guard, or Open Policy Agent (OPA)

  • Experience creating post-deployment security checks with tools such as AWS Config and the Config Rule Development Kit (RDK), DivvyCloud, Azure Policy, or GCP Cloud Asset Inventory

  • You are passionate about security chaos engineering

  • Experience with DevOps tools such as Salt, Puppet, Chef, or Ansible

  • Demonstrated experience with security audit, security control assessments, risk assessment and compliance

  • Experience with serverless technologies such as Lambda, Docker, and Kuberneetes

  • Demonstrated experience with security standards/frameworks such as ISO, SOC 2, PCI, FedRAMP, NIST, etc.

  • Experience managing the implementation or enhancement of security controls across diverse business units

  • Effective negotiating, critical thinking and problem-solving skills, including the ability to develop innovative risk mitigation solutions that address core issues with limited supervision

  • Hands-on experience with scripting and coding to automate systems and security administration tasks in Python, Go, Javascript, or Rust

 

Additional Qualifications

  • One or more of the following: AWS Certified Solutions Architect Professional, AWS Certified DevOps Professional, GCP Professional Cloud Security Engineer, GCP Cloud DevOps Engineer Professional, Azure Security Engineer, Azure Solutions Architect, Azure DevOps Engineer, Hashicorp Security Automation Certified