remote Full-time

Rapid7 is hiring a Senior Security Researcher

About the Role

Rapid7 is looking for a Senior Security Researcher to join its Vulnerability Intelligence team. You will drive vulnerability discovery and analysis, researching zero-day and n-day threats to provide defenders with actionable insights.

What You'll Do

  • Work with the broader Vulnerability Intelligence team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents.
  • Perform and publish root cause analyses of high-priority vulnerabilities and potential threats.
  • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed.
  • Conduct zero-day vulnerability research against popular enterprise technologies (e.g., network appliances, VPN gateways, CI/CD servers, file transfer and backup solutions, etc.).
  • Advise security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.

What We're Looking For

  • Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization, etc.).
  • Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits).
  • Hands-on experience reverse engineering, patch diffing, and developing exploits.
  • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc.).
  • An instinct for where and how to obtain or emulate vulnerable software.
  • Deep empathy for the challenges that security teams and global organizations face; willingness to listen, mentor, and collaborate across teams.

Nice to Have

  • Prior experience developing Metasploit modules.
  • Prior experience reverse engineering at least one common enterprise software development language (e.g. Java, .NET, C/C++).

Technical Stack

  • IDA
  • Ghidra
  • Binary Ninja
  • Burpsuite

Team & Environment

You will be part of the Vulnerability Intelligence team at Rapid7, working in a dynamic and collaborative workplace where new ideas are welcome.

Work Mode

This is a remote position.

Required Skills
IDAGhidraBinary NinjaBurpsuiteVulnerability ResearchReverse EngineeringThreat IntelligenceMalware AnalysisExploit DevelopmentSecurity ToolingBinary AnalysisProtocol AnalysisPythonC/C++Scripting
Need to work legally in Thailand?

Work permits without the paperwork nightmare

Thai immigration rules are strict and easy to get wrong. SVBL handles the bureaucracy — correct visa type, proper documentation, timely submissions. You focus on your work.

Right visa type for your situation
Document preparation & submission
Deadline tracking & renewals
Direct liaison with immigration
Talk to an expert
10+ years experience
About company
Rapid7

Rapid7 creates a secure digital world for customers, industry, and communities by harnessing collective expertise and passion to challenge what’s possible and drive extraordinary impact.

Visit website
Job Details
Category security
Posted 7 months ago