Lead Exploit Developer at Rapid7 | Austin
Sorry, this job was removed at 12:47 p.m. (CST) on Friday, June 26, 2020

Rapid7’s offensive R+D team is responsible for keeping Metasploit the world's most popular exploitation framework, and for producing vulnerability and offensive research that propels the security ecosystem forward. Earlier this year, we released MSF 5 after a long pause between major versions. Now, we're thinking about the content and capabilities offensive operators need in MSF 6—from new exploits and innovative payloads to more intuitive targeting and stealthier movement within modern environments. 

Of Metasploit’s 4,000+ modules, exploits have long led the pack and served as our bread and butter. We're hiring a lead exploit developer to create high-value, high-quality exploit and other modules for Framework, and to publish technical analysis that inspires and educates the research community. 

We’d prefer candidates who are based in, or willing to relocate to, Rapid7’s Austin, TX office. Remote candidates may be considered depending on skills and team fit. 

Metasploit Team Opportunities

Help Rapid7 and the Metasploit community work together toward a shared vision for the future of Metasploit Framework and its ecosystem. You will work with a talented global team to develop new exploits, produce research on security trends that have an impact on both offensive and defensive practitioners, and make substantial technical contributions as a senior member of an engineering research team. 

Desired Technical Skills

As a lead R+D team member, you'll take ownership of prioritizing, developing, and delivering exploits that excite Metasploit users and help defenders understand and validate emergent threats. See 0day posted on Twitter? You can determine whether it’s worth weaponizing and communicate your analysis effectively to other teams. Patch Tuesday vulns garnering hype from news outlets and dev teams? You have measured opinions on what’s useful to attackers and which vulns you’d prioritize for exploit development. 

A good mix of skills includes:

  • Solid experience developing exploits, standalone PoCs, and/or Metasploit modules. Ideally, you should have a body of work you can point to that showcases your vuln research and exploit development interests. Show us how you connect dots and spot patterns!

  • Experience with vuln analysis, fuzzing, reverse engineering, and advanced exploitation techniques; hands-on familiarity with tools such as WinDBG, GDB, Wireshark, IDA Pro, Burp Suite, Ghidra, etc.

  • Solid working knowledge of different OS and network structures and protocols; experience with different classes of coding flaws and offensive primitives (e.g. integer/stack/heap overflows, use-after-free bugs, info leaks).

  • Strong understanding of modern security mitigations and how to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, and so on), as well as common detection capabilities and how to evade them. 

  • Knowledge of Metasploit Framework. You understand what it's for and how to use it, and you have opinions on developing module content that makes it better. The emphasis is on exploits, but scanner, post, payload, and evasion modules are also in scope. Strong opinions loosely-held are some of our favorites. 

  • Conversant in distributed and open-source project development. You can review, merge, and rebase with aplomb.

  • Experience with Ruby, Python, or Go is a major plus; while Ruby is not necessarily important as your primary language, it is necessary to be able to understand and extend the techniques that Metasploit embodies. 

  • Experience with modern network topologies and application deployment platforms such as AWS, Azure, Kubernetes, and Docker is a plus.

Soft Skills (just as important as technical skills)

  • You'll bring and hone an instinct for which exploits and attack techniques offer the most value to Metasploit users and how to communicate the impact of your analysis to internal stakeholders and community members. 

  • The ability to learn ‘just enough’ of a language or technology in order to analyze it in the context of a vulnerability. 

  • A knack for speaking truth to power in the service of realistic prioritization—in other words, knowing when to cut your losses and re-focus on something that has a better chance of yielding results.

  • An appetite for mentorship and knowledge-sharing. Security research is often a solo endeavor; the desire and ability to communicate your expertise and its impact to others is crucial, and we have a strong preference for researchers who care about guiding and growing teammates.

  • Ability to learn and dig into code. The Metasploit Framework code base is large and was contributed by hundreds of developers. Not everything is spelled out, but everything is discoverable. Enthusiasm for code spelunking is a prerequisite for success.

  • Ability to work asynchronously and directly with a team of co-workers and volunteers from around the globe.

Show us what you're passionate about, where your curiosity lies, and how you've pulled things together to solve problems for yourself and others. 



Rapid7 is conveniently located in downtown Austin, with plenty of restaurants, bars, and public transport close by.

An Insider's view of Rapid7

What’s the vibe like in the office?

It has all the perks of a startup but well structured, goal driven, and supported growth as an employee from start to finish. Several places to relax or wind down after a call, and working in one of the most iconic buildings downtown. Welcome to the Austin office!


Customer Success Representative

What are Rapid7 Perks + Benefits

Volunteer in local community
Eat lunch together
Open office floor plan
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Retirement & Stock Options Benefits
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Family Medical Leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Game Room
Stocked Kitchen
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Promote from within
Time allotted for learning
Online course subscriptions available
Paid industry certifications