Senior Security Engineer - AppSec (New York) at Rapid7 (Remote)
At Rapid7, we’re on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.
Our internal Information Security team plays a crucial role in supporting our mission: we focus on removing barriers to great security by partnering with other teams to reduce risk so we can sustainably deliver on our mission to our customers. On top of that, we get to “eat our own dogfood” as Rapid7’s Customer Zero: we use all of our products to advance our security program, and we provide valuable feedback about how to improve our products for our benefit and our customers’ benefit.
We’re looking for a Senior Security Engineer to help advance our Application Security program, which is focused on empowering our employees to deliver secure applications at scale so our company and customer data/systems are protected from compromise. Our Application Security team partners closely with our Platform Delivery (DevOps), Software Engineering, Product Management, and IT teams to provide security guard rails that seamlessly integrate with our SDLC in ways that make it easier for engineers to deliver secure applications and reduce risk to our customers and company.
Are you looking for a new opportunity to channel your application security expertise into scaling security guard rails that make it easy for developers to deliver secure applications? Do you want to build and implement tools to create a seamless secure SDLC? Do you eagerly seek out and embrace feedback from perspectives different from your own?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.
What you’ll do
Implement and tune application security tools with developer user experience in mind, such as SCA, SAST, DAST, RASP, WAF
Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments
Define hardening and secure design standards and use them to perform application security reviews in partnership with developer teams
Build positive relationships with partner teams in IT, DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company
Help create metrics to demonstrate the effectiveness of our application security program and inform continuous program improvements
Provide feedback and recommendations to product teams on ways to improve Rapid7’s products and partner ecosystem
Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives
What you’ll bring
Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10)
Experience implementing application security tools (SCA, SAST, RASP, WAF, DAST)
Experience implementing microservice-based web applications with modern cloud infrastructure services, especially AWS
Experience using container and container orchestration technology (Docker, Kubernetes)
Experience with CI/CD tools (Jenkins, Spinnaker)
Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity and desire to challenge conventional approaches to solving problems
Experience with DevOps tooling, such as Terraform, Chef, or Puppet
Experience with securing Docker, Kubernetes, or other containerization technologies
Experience with threat modeling using frameworks such as STRIDE and tools such as ThreatDragon, pytm, ThreatSpec, Threagile, etc.
Equal Opportunity Employer
Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it’s the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!