Rapid7 was founded in 2000 to give our customers visibility into vulnerabilities in their IT environments with a comprehensive vulnerability management solution, something that didn't exist at the time. Today we're continuing our mission to advance security so others can securely advance with industry-leading security solutions. These solutions are powered by our Insight cloud: an analytics and automation platform that powers our products for vulnerability management, incident detection & response, orchestration & automation, application security, and DevOps & IT operations.
As Rapid7 and the Insight cloud continue to grow, so does our attack surface. We are looking for a software security engineer to join our product & platform security team in Boston.
If you are a software developer who wants to live & breathe in the world of security, this is an ideal position for you. You will work closely with our product development, DevOps, and IT teams to develop solutions that improve the security posture of Rapid7's platform & products.
We are looking for a driven software security engineer to build automated security solutions for Rapid7's platform & products. As a valuable member of the InfoSec team, you will be responsible for automating multiple application security tools to secure Rapid7's SDLC practices. In addition, you will develop scalable tools & solutions to secure Rapid7's cloud environments.
On a day-to-day basis you will be responsible for:
Building automation for static code analysis in Rapid7's platform using vendor and open source tools
Piloting & automating software component analysis tools to mitigate Rapid7's exposure to third-party vulnerabilities
Building automation for dynamic code analysis for Rapid7's platform & products
Enabling effective security testing of numerous products and services
Developing automated baseline security scripts for essential developer tools like GitHub & Jenkins
Automating enforcement of cloud security policies across our AWS footprint
Defining baseline security for AWS environments
Working with partner teams for secure design review
Providing security guidance on core architectural & platform initiatives
Implementing security controls at scale
Building strong relationships with Rapid7's technical teams
Documenting code and features developed, including changes to existing code
Maintaining, troubleshooting and debugging code, as required
Researching external best practices and emerging software and security technologies for possible incorporation into platform/applications and methodologies
You must be good at:
Software development in Python, Go, or equivalent programming language
Docker, Kubernetes, or other containerization technology
Developing with AWS services such as Lambda, EC2, S3, DynamoDB/RDS, ALB, Route53
Working with AWS services like CloudTrail, CloudWatch, Config & more
Design & development of products in an agile development environment
Experience with Configuration Management tools such as Chef, Puppet
Experience with Infrastructure as Code tools such as Terraform or AWS CloudFormation
Working with CI/CD pipelines
Test-driven development
Ensuring code follows security best practices
You have a leg up if you:
Have experience working with Rapid7 tools
Worked with application security testing tools, such as static and dynamic analysis
Know how to write secure code
Know secure design principles
Flexible work hours
Employee stock purchase plan (ESPP)
Security conferences and training
Rapid7 is an equal opportunity employer. We value, support, and thrive on diversity and inclusion at our company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.