Remote (Global)

Rapid7 is hiring a Senior Security Researcher

About the Role

Rapid7 is looking for a Senior Security Researcher to join its Vulnerability Intelligence team. You will drive vulnerability discovery and analysis, researching zero-day and n-day threats to provide defenders with actionable insights.

What You'll Do

Work with the broader Vulnerability Intelligence team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents.
Perform and publish root cause analyses of high-priority vulnerabilities and potential threats.
Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed.
Conduct zero-day vulnerability research against popular enterprise technologies (e.g., network appliances, VPN gateways, CI/CD servers, file transfer and backup solutions, etc.).
Advise security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.

What We're Looking For

Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization, etc.).
Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits).
Hands-on experience reverse engineering, patch diffing, and developing exploits.
Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc.).
An instinct for where and how to obtain or emulate vulnerable software.
Deep empathy for the challenges that security teams and global organizations face; willingness to listen, mentor, and collaborate across teams.

Nice to Have

Prior experience developing Metasploit modules.
Prior experience reverse engineering at least one common enterprise software development language (e.g. Java, .NET, C/C++).

Technical Stack

IDA
Ghidra
Binary Ninja
Burpsuite

Team & Environment

You will be part of the Vulnerability Intelligence team at Rapid7, working in a dynamic and collaborative workplace where new ideas are welcome.

Work Mode

This is a remote position.

Required Skills

IDAGhidraBinary NinjaBurpsuiteVulnerability ResearchReverse EngineeringThreat IntelligenceMalware AnalysisExploit DevelopmentSecurity ToolingBinary AnalysisProtocol AnalysisPythonC/C++Scripting IDAGhidraBinary NinjaBurpsuiteVulnerability ResearchReverse EngineeringThreat IntelligenceMalware AnalysisExploit DevelopmentSecurity ToolingBinary AnalysisProtocol AnalysisPythonC/C++Scripting

Your first international client?

Don't lose them over invoicing

Clients ghost freelancers with unprofessional invoicing. Glopay gives you a real EU company partnership so they take you seriously from invoice #1.

Instant EU company partnership

Invoice builder with your branding

Automated payment reminders

Real-time payment tracking

Get EU company now

Ready in 24 hours

About company

Rapid7 creates a secure digital world for customers, industry, and communities by harnessing collective expertise and passion to challenge what’s possible and drive extraordinary impact.

All jobs at Rapid7 Visit website

Job Details

Category security

Posted 8 months ago