Rapid7 is looking for a Senior Security Researcher to join its Vulnerability Intelligence team. You will drive vulnerability discovery and analysis, researching zero-day and n-day threats to provide defenders with actionable insights.
What You'll Do
- Work with the broader Vulnerability Intelligence team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents.
- Perform and publish root cause analyses of high-priority vulnerabilities and potential threats.
- Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed.
- Conduct zero-day vulnerability research against popular enterprise technologies (e.g., network appliances, VPN gateways, CI/CD servers, file transfer and backup solutions).
- Advise security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.
What We're Looking For
- Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization).
- Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits).
- Hands-on experience reverse engineering, patch diffing, and developing exploits.
- Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burp Suite).
- An instinct for where and how to obtain or emulate vulnerable software.
- Deep empathy for the challenges that security teams and global organizations face; willingness to listen, mentor, and collaborate across teams.
Nice to Have
- Prior experience developing Metasploit modules.
- Prior experience reverse engineering software written in at least one common enterprise development language (e.g., Java, .NET, C/C++).
Technical Stack
- IDA
- Ghidra
- Binary Ninja
- Burp Suite
Team & Environment
You will be part of the Vulnerability Intelligence team at Rapid7, working in a dynamic and collaborative workplace where new ideas are welcome.
Work Mode
This is a remote position.


