Sr. Metasploit Researcher at Rapid7

| Austin
!Sorry, this job was removed at 1:19 p.m. (CST) on Thursday, December 19, 2019

The Metasploit R+D team is responsible for growing the module repository that makes Metasploit Framework the world’s most popular exploitation framework, and for producing research on offensive techniques and trends that propel the security ecosystem forward. Earlier this year, we released MSF 5 after a long pause between major versions. Now, we’re thinking about the content and capabilities offensive operators need in MSF 6—from new exploits and innovative payloads to more intuitive targeting and stealthier movement within modern environments. 

We’re hiring a senior security researcher to develop high-quality modules, ideate and iterate on Framework features, and produce research that captures imaginations and inspires contributions from the security community. This role is based in Rapid7’s Austin, TX office. 

Metasploit Team Opportunities

Help Rapid7 and the Metasploit community work together toward a shared vision for the future of Metasploit Framework and its ecosystem. You will work with a talented global team to develop and maintain new modules and payloads for Framework, produce research on trends that pique interest from both offensive and defensive practitioners, and make substantial technical contributions as a senior member of an engineering product team. 

Desired Technical Skills

As a senior researcher, you’ll take ownership of scoping and delivering long-term research initiatives. You’ll need to balance development and security research and understand how each enhances the other. A good mix of skills includes:

  • Knowledge of Metasploit Framework. You understand what it's for and how to use it, and you have opinions on developing module content that makes it better. Strong opinions loosely-held are some of our favorites. 

  • Demonstrable experience writing standalone PoCs or Metasploit modules. Experience in penetration testing, red teaming, mobile security, or security research is highly desirable, as is familiarity with the tooling and techniques used to advance these disciplines.

  • Experience with Ruby, Python, or Go is a major plus; while Ruby is not necessarily important as your primary language, it is necessary to be able to understand and extend the techniques that Metasploit embodies. 

  • Conversant in distributed and open-source project development. You can review, merge, and rebase with aplomb.

  • Experience with vuln analysis, fuzzing, reverse engineering, and/or advanced exploitation techniques; familiarity with tools such as WinDBG, OllyDBG, GDB, IDA Pro, Burp Suite, Ghidra, etc.

  • Strong understanding of modern security mitigations and how to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, and so on), as well as common detection capabilities and how to evade them. 

Soft Skills (just as important as technical skills)
  • As a senior researcher, you’ll bring and hone an instinct for when something belongs in Framework (technique, PoC, enhancement), how to best incorporate it (module, library, integration), and how to turn development trends into public-facing research that excites the community and showcases your technical leadership. Show us how you connect dots and spot patterns.

  • An appetite for mentorship and knowledge-sharing. Security research is often a solo activity; the desire and ability to communicate your expertise and its impact to others is crucial, and we have a strong preference for researchers who care about guiding and growing teammates.

  • Ability to learn and dig into code. The Metasploit Framework code base is large and was contributed by hundreds of developers. Not everything is spelled out, but everything is discoverable. Enthusiasm for code spelunking is a prerequisite for success.

  • Ability to learn and evaluate new technologies quickly. You’re comfortable with and excited about experimentation and uncertainty. 

  • Ability to work asynchronously and directly with a team of co-workers and volunteers from around the globe.

Ideally, you have a body of work you can point to that showcases your research and development interests. Have you published blogs or technical analysis of vulnerabilities, exploits, or techniques that interest you? Written purpose-built tools that made your life easier? Contributed to open-source projects? Show us what you're passionate about, where your curiosity lies, and how you've pulled things together to solve problems for yourself and others. 

Read Full Job Description
Apply now


Rapid7 is conveniently located in downtown Austin, with plenty of restaurants, bars, and public transport close by.

An Insider's view of Rapid7

What’s the vibe like in the office?

It has all the perks of a startup but well structured, goal driven, and supported growth as an employee from start to finish. Several places to relax or wind down after a call, and working in one of the most iconic buildings downtown. Welcome to the Austin office!


Senior Business Development Representative

What are Rapid7 Perks + Benefits

Volunteer in local community
Open office floor plan
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Retirement & Stock Options Benefits
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Family Medical Leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Game Room
Stocked Kitchen
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Promote from within
Time allotted for learning
Online course subscriptions available
Paid industry certifications
More Jobs at Rapid711 open jobs
All Jobs
Dev + Engineer