Metasploit Security Researcher

| Hybrid
Sorry, this job was removed at 11:03 a.m. (CST) on Friday, August 2, 2019

The Metasploit R+D team is responsible for growing the module repository that makes Metasploit Framework the world’s most popular exploitation framework, and for producing research on offensive techniques and trends that keep pushing the security ecosystem forward. Earlier this year, we released MSF 5 after a long pause between major versions. Now, we’re thinking about the content and capabilities offensive practitioners need in MSF 6—from new exploits and innovative payloads to more intuitive targeting and stealthier movement within modern environments. 

Want to help us get there? We’re hiring a security researcher to develop high-quality modules and produce research that continues to inspire contributions and interest from a growing community. 

This role is based in Rapid7’s Austin, TX office. Local applicants are strongly preferred; remote applicants may be considered based on experience and team fit. Seniority level is also flexible depending on experience and team fit.

Metasploit Team Opportunities

Help Rapid7 and the Metasploit community work together toward a shared vision for the future of Metasploit Framework and its ecosystem. You will work with a talented global team to develop and maintain new modules and payloads for Framework, produce research on trends that pique interest from both offensive and defensive practitioners, and make substantial technical contributions as a key member of a cross-functional team. You will have the opportunity to diagnose and understand user needs directly. The community is your customer!

Desired Technical Skills

As a Metasploit researcher you’ll need to balance module development and security research and understand how each enhances the other. A good mix of skills includes:

  • Knowledge of Metasploit Framework. You understand what it's for and how to use it, and you have opinions on how to develop module content that makes it better. Strong opinions loosely-held are some of our favorites.

  • Experience writing standalone PoCs or Metasploit modules. Experience in penetration testing, red teaming, mobile security, or security research is a plus, as is familiarity with the tooling and techniques used to advance these disciplines.

  • Experience with Ruby, Python, or Go is a major plus; while Ruby is not necessarily important as your primary language, it is important to be able to understand and extend the techniques that Metasploit embodies. 

  • Conversant in distributed and open-source project development. You can review, merge, and rebase with aplomb.

  • Interest in vuln analysis, fuzzing, reverse engineering, and/or advanced exploitation techniques; familiarity with tools such as WinDBG, OllyDBG, GDB, IDA Pro, Burp Suite, etc.

  • Understanding of modern security mitigations and how to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, and so on)

Soft Skills (just as important as technical skills)

  • Interest in hacking and hacker culture, genuine curiosity about how things work, and willingness to figure stuff out.

  • Ability to learn and dig into code. Metasploit Framework is comprised of more than a million lines of code contributed by hundreds of developers. Not everything is spelled out, but everything is discoverable. 

  • Ability to learn and evaluate new technologies quickly. You’re comfortable with and excited about experimentation and uncertainty. The R+D team encounters and analyzes lots of artifacts and oddities on a regular basis: CVEs, PoC, vulnerable applications, vendor patches, blogs, pastes, Twitter threads, stack traces, error messages, you name it. You’ll bring and hone an instinct for when something belongs in Framework, how to best incorporate it (e.g., module, library, integration?), and what strikes a balance between “intuitive for users” and “maintainable for developers.”

  • Ability to work asynchronously and directly with a team of co-workers and volunteers from around the globe.

Ideally, you have a body of work you can point to that showcases your research and development interests. Have you published blogs or technical analysis of vulnerabilities, exploits, or techniques that interest you? Written purpose-built tools that made your life easier? Contributed to open-source projects? Show us what you're passionate about, where your curiosity lies, and how you've tried to pull things together to solve problems for yourself and others.


Technology we use

    • Languages: Golang, Java, Javascript, Python, R, Ruby, Scala, Sql
    • Libraries: jQuery, React, Redux
    • Frameworks: Django, Express, Flask, Hadoop, Node.js, Ruby on Rails, Spark, Spring, TensorFlow
    • Databases: Cassandra, MongoDB, MySQL, PostgreSQL, Redis
    • Analytics: Google Analytics, Optimizely
    • Design: Illustrator, InVision, Photoshop, Sketch
    • Management: Asana, Confluence, JIRA
    • CMS: Wordpress
    • CRM: Salesforce

Location

Rapid7 is conveniently located in downtown Austin, with plenty of restaurants, bars, and public transport close by.

An Insider's view of Rapid7

What’s the vibe like in the office?

The vibe of the Rapid7 Austin office is a perfect mix of energizing and inviting. Our vibrant office design, diverse team makeup & monthly events keep the space buzzing! There is definitely a more laidback attitude here in Austin and I feel our office perfectly embodies that while still being a space where we can come to get amazing work done.

Cass

Customer Success Representative

What are some things you learned at the company?

It’s not just the customer who benefits from the culture of compassion. Internally, Rapid7 employees look out for each other and work together to solve problems. Oftentimes, this ends up helping all parties.

Becky

Senior Director, Customer Success

What are Rapid7 Perks + Benefits

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Flexible work schedule
Remote work program
Our remote work program includes full-time remote work for specific positions and working remotely on occasion as needed.
Diversity
Dedicated diversity and inclusion staff
Highly diverse management team
Rapid7 is led by a diverse management team that represents the security community we serve. We believe that we all have a responsibility to continuously improve our DE&I efforts.
Mandated unconscious bias training
We believe in continuous learning; our in-house trainers conduct consistent diversity trainings. We advocate for diverse thinking and strive to cultivate a workforce that mirrors the best minds.
Diversity employee resource groups
We have so many amazing and organically created employee resource groups! These internal Rapid7 communities allow for an authentic experience where diverse employees and allies can come together.
Hiring practices that promote diversity
We've taken the Parity Pledge, we reinforce strategic recruitment, we are committed to diversity partnerships, and we understand the importance of training around unconscious bias.
Health Insurance + Wellness
Flexible Spending Account (FSA)
Dental insurance
Vision insurance
Health insurance
Life insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Employee stock purchase plan
Performance bonus
Child Care & Parental Leave
Generous parental leave
Family medical leave
Vacation + Time Off
Unlimited vacation policy
Paid volunteer time
Our employees receive unlimited hours per year of paid volunteer time.
Paid holidays
Paid sick days
Employees receive unlimited hours per year of paid sick leave.
Office Perks
Commuter benefits
Company-sponsored outings
Free snacks and drinks
Some meals provided
Employees get free lunch during quarterly in-office Town Halls and some team meetings.
Company-sponsored happy hours
Onsite office parking
Fitness stipend
Home-office stipend for remote employees
Professional Development
Job training & conferences
Lunch and learns
Promote from within
Continuing education stipend
Variable.
Continuing education available during work hours
Online course subscriptions available
Paid industry certifications
