Rapid7 Senior Security Researcher 

Czechia, Prague, Prague 

813858285

About the Role

In this role, you will:

• Work with the broader security research team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents (note: there is no on-call requirement for this role)

• Perform and publish root cause of high-priority vulns and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence

• Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed. We believe strongly that defenders benefit from having democratic access to offensive security capabilities in order to understand attacks and test their controls!

• Conduct zero-day research on popular enterprise technologies (e.g., network appliances, security gateways, CI/CD servers, file transfer and backup software, core operating systems, virtualization technologies, etc)

• Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.

The skills you’ll bring include:

• Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization). We don't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed.

• Experience producing vulnerability (or other technical writing on vulns and exploits).

• Hands-on experience reverse engineering, patch diffing, and developing exploits; prior experience developing Metasploit modules is a plus.

• Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc)

• An instinct for where and how to obtain or emulate vulnerable software. We can’t perform hands-on analysis without targets—sometimes we have lab targets, sometimes there are AMIs available, and sometimes we have to get creative.

• Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.