The Metasploit R+D team is responsible for working with the open-source contributors to add new modules and features to Framework, and for producing research that excites and inspires the security community. Earlier this year, we released MSF 5 after a long pause between major versions. Now, we're thinking about the content and capabilities offensive operators need in MSF 6—from new exploits and innovative payloads to more intuitive targeting and stealthier movement within modern environments.
We're hiring a level 1 security researcher to help us build the next generation of Metasploit talent. As a member of the R+D team, you'll work on Metasploit community PRs, help out with issues, and hone your instinct for picking out high-value targets and vulnerabilities.
This role is based in Rapid7's Austin, TX office.
Help Rapid7 and the Metasploit community work together toward a shared vision for the future of Metasploit Framework and its ecosystem. You will work with a talented global team to develop new modules and payloads for Framework, produce research on trends that pique interest from security practitioners, and make substantial technical contributions to Rapid7's products organization.
Good understanding of CS and programming principles; experience with at least one scripting language. Experience with Ruby, Python, or Go is a major plus, but Ruby is definitely not necessary as your primary language—you'll learn a lot on the job.
Proficiency with Unix/Linux or Windows command line
Experience with debugging tools such as WinDBG, OllyDBG, or GDB; some familiarity with reversing and security testing tooling like IDA Pro, Burp Suite, Ghidra, and so on is a major plus.
Interest in exploit development and vuln analysis; basic understanding of different security vulnerabilities is helpful (e.g., buffer overflow, SQL injection, DoS, SSRF).
Strong interest in distributed and open-source project development.
Interest in, or experience with, modern network topologies and application deployment platforms such as AWS, Azure, Kubernetes, and Docker is a plus.
Passion for Metasploit, open-source development, and community interaction.
Ability to learn and dig into code. The Metasploit Framework code base is large and was contributed by hundreds of developers. Not everything is spelled out, but everything is discoverable. Enthusiasm for code spelunking is a prerequisite for success.
Strong interest in security research and hacker culture.
Ability to evaluate new technologies and techniques quickly, to learn just enough of a technology. Curiosity is king!
Ability to work asynchronously and directly with a team of co-workers and volunteers from around the globe.