Lead Security Architect

Northern Ireland - Belfast

Location(s)

Northern Ireland - Belfast

Team(s)

Information Security


Lead Security Engineer - Application Security

At Rapid7, we're on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations. 

Our internal Information Security team plays a crucial role in supporting our mission: we focus on removing barriers to great security by partnering with other teams to reduce risk so we can sustainably deliver on our mission to our customers. We use all of our products to advance our security program, and we provide valuable feedback about how to improve our products for our benefit and our customers' benefit.

We're looking for a Lead Security Engineer to help advance our Application Security program, which is focused on empowering our employees to deliver secure applications at scale so our company and customer data/systems are protected from compromise. Our Application Security team partners closely with our Platform Delivery (DevOps), Software Engineering, Product Management, and IT teams to provide security guard rails that seamlessly integrate with our SDLC in ways that make it easier for engineers to deliver secure applications and reduce risk to our customers and company. 

Your profile

Are you looking for a new opportunity to channel your application security expertise into scaling security guard rails that make it easy for developers to deliver secure applications? Do you want to build and implement tools to create a seamless secure SDLC? Do you eagerly seek out and embrace feedback from perspectives different from your own? 

If you've been answering “yes” to these questions, then you might be the person we're looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company. 

What you'll do

  • Implement and tune application security tools with developer user experience in mind, such as SCA, SAST, DAST, RASP, WAF

  • Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments

  • Define hardening and secure design standards and use them to perform application security reviews in partnership with developer teams

  • Mentor team members around security, engineering, and collaboration best practices

  • Build positive relationships with partner teams in IT, DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company

  • Help create metrics to demonstrate the effectiveness of our application security program and inform continuous program improvements

  • Provide feedback and recommendations to product teams on ways to improve Rapid7's products and partner ecosystem

  • Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives

What you'll bring

  • Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10)

  • Experience implementing application security tools (SCA, SAST, RASP, WAF, DAST)

  • Experience developing software using Java, JavaScript, Go, and/or Python

  • Experience implementing microservice-based web applications with modern cloud infrastructure services, especially AWS

  • Experience using container and container orchestration technology (Docker, Kubernetes)

  • Experience with CI/CD tools (Jenkins, Spinnaker)

  • Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams

  • Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity and desire to challenge conventional approaches to solving problems

Pluses

  • Experience with DevOps tooling, such as Terraform, Chef, or Puppet

  • Experience with securing Docker, Kubernetes, or other containerization technologies

  • Experience with threat modeling using frameworks such as STRIDE and tools such as ThreatDragon, pytm, ThreatSpec, Threagile, etc.