Principal Security Researcher
Job Overview
The Labs team, as part of the Office of the CTO, utilizes our cyber security skills to establish a leading understanding of worldwide emerging attacker methodologies. In this role, you’ll apply your security domain expertise to study billions of ipv4 and ipv6 addresses across the internet through Sonar, our multi-petabyte internet scanning platform. You will be responsible for building new studies, evangelizing breaking security issues, and helping Rapid7 customers through rapid prototyping of solutions to those discovered problems. We’re seeking an insatiably curious, smart, agile researcher who wants to work with a tight-knit team on a security research platform that cannot be found anywhere else. If that sounds like you, we would love to talk!
Essential Responsibilities
Enhance scalable architectures for internet-wide active/passive scanning and threat intelligence
Work with researchers inside and outside of Rapid7 to detect, measure and communicate impactful security issues (blog posts, Rapid7 Open Data, talks at conferences, …)
Help develop the tools and analysis frameworks to support large-scale research efforts across the company
Write blog posts, participate at conferences and represent Rapid7's research efforts in the public eye
Assist other teams and customers with vulnerability research and impact analysis of breaking issues
Create meaningful prototypes to enhance Rapid7 products
Job Requirements
Security Domain Expertise, in any of the following areas:
IDS/IPS/Firewall management
exploiting memory corruption bugs
secure coding best practices
firmware reverse engineering
applied cryptography
Strong programming skills in python, bash or ruby.
Strong familiarity with Linux runtime environments for application development.
Strong communication skills.
Strong debugging skills, including the ability to reproduce a bug given limited information and/or time.
Experience with packet dissection of various network protocols (tds, mssql, cifs, ftp, http, etc.).
Experience with managing deployments into Amazon Web Services (AWS) is a plus.
An understanding of the Git version control system and/or github.com.
Experience with the Java or Scala programming languages is a plus.
Participation in open source projects is a plus.
Experience with malware analysis (including tools such as IDA) is a plus