Technical Product Manager - VRM (Metasploit Framework)

Location: Remote U.S., Belfast, Dublin, Austin, Toronto, or Boston

Job Description

Spanning more than a million lines of code written by hundreds of developers over the past 18 years, Metasploit Framework is a many-tentacled organism whose depths never fail to surprise (and occasionally even delight!) its users and maintainers. Over the years, Metasploit has grown in complexity, amassing thousands of modules and payloads and gaining many new features. We’re looking for a technical product manager to help Rapid7 and the open-source community work together toward a shared vision for the future of Metasploit Framework as we seek to modernize, simplify, and extend the project. 

Responsibilities

You will work alongside a talented global team of researchers and engineers as a key member of the Metasploit Framework team, which resides in the research division of Rapid7’s Vulnerability Risk Management (VRM) practice. 

• Work closely with engineering and research teams to determine user needs and map technical work to command line workflows that help users achieve desired outcomes. You will use your technical knowledge to help the engineering teams define product requirements, prioritize trade-offs, and measure impact.

• Own and organize a cross-team Jira backlog to help the Framework teams see the big picture and drive efficiencies.

• Devise ways of measuring feature adoption and gauging user satisfaction; as an open-source project for a security- and privacy-conscious user base, Metasploit Framework intentionally does not track usage—creativity in applying an analytical approach to measuring user outcomes is essential.

• Create roadmaps, internal presentations, objectives, and key results (OKRs); communicate progress to Rapid7 and community audiences, acting as a product advocate and subject matter expert. 

• Work directly with the community as needed. One of the benefits of working on a well-known open-source project is a large, diverse community of both developers and users, from beginners to hardcore operators. You’ll have the opportunity to interact with the community both online and IRL—they are your customer!

Key competencies:

• Knowledge of Metasploit Framework and offensive security tools. You know what Metasploit is for and how to use it, you understand its major components, and you have ideas about how to help build high-quality technical decision-making processes that will ensure its continued relevance and popularity. 

• Familiarity with Metasploit’s tech stack is a big plus. You don’t need to be an exploit developer or expert Rails engineer, but you must have the technical skills to understand (or be able to quickly learn) Metasploit’s code base, dependencies, and development lifecycle. You’ll need at least a working knowledge of software development.

• Experience in at least one of the following: technical product/project management, penetration testing or red team operations, security research, security engineering, and/or security operations.

• Proficiency with Google Slides is highly desirable.

• Experience in—or willingness to learn about!—open-source project development.

• Willingness to truly partner with engineering and research leaders on defining strategy and priorities. Nobody knows everything about Metasploit, and we won’t expect you to, either. You’ll be able to lean on and support great technical leads who will be your peers.

• Experience with Agile and Scrum development methodologies is helpful, but more important is the ability to organize, analyze, and prioritize with imperfect data and a positive attitude. 

• Working knowledge of any of the following is helpful: operating systems, network structures, protocols, modern security mitigations (e.g, stack cookies, SafeSEH, DEP, ASLR, CFG, and so on), or endpoint/network detection capabilities.

What you’ll get:

• A remote-friendly team who cares about each other, prioritizes open information whenever possible, and respects your unique strengths, weaknesses, and boundaries.

• A chance to influence and act as a joint steward for one of the best-known, most influential projects in the security world, and the opportunity to help drive open-source strategy across Rapid7. 

• The ability to work with and learn from some of the lowest-ego, kindest folks in the security business. They’re smart and driven, too, but they are kind to one another and the community first and foremost (always).

• A role with lots of opportunity for growth and leadership, and a cross-functional team who will cheer you on, brag about your work, and advocate for your point of view. You will have access to other product management teams within Rapid7 who will confirm and challenge your perspective and help you grow as a TPM.

• A manager who will listen to feedback, partner with you on defining a career path that excites and inspires you, and support you in prioritizing work-life balance that keeps you healthy and happy.

• The opportunity to be part of a company that’s thinking strategically about its future in the industry and its ability to solve problems for the long term. Rapid7 genuinely cares about accessibility and security achievement for its customers. Both VRM and executive leaders also care deeply about research and open source—and they put their money where their mouths are!