Rapid7 Manager Vulnerability Research 

Czechia, Prague, Capital City of Prague 

88100059

About the Role

In this role, you will:

• Manage a small bench of skilled senior researchers, coaching and unblocking on day-to-day vulnerability analysis tasks; you’ll help prioritize, drive operational efficiencies, and conduct regular 1:1s and performance reviews to further develop our top-tier talent!

• Lead Rapid7’s external vulnerability disclosure program. You’ll work with researchers to develop summaries of new vulnerabilities, report them to vendors, reserve and populate CVEs, and coordinate public disclosures with Rapid7 teams and external vendors, ensuring compliance with Rapid7’s .

• Prioritize, review, and suggest refinements to team vulnerability root cause , exploit and PoC implementations, and CVE impact assessments, drawing on public data and your own experience to help the team paint a clear, holistic picture of risk for common threat models.

• Take an active operational role in triaging and prioritizing new CVEs that may qualify for customer-facing emergent threat ; you’ll advise on process changes, write operational documentation, and/or implement automation that drives faster positive outcomes for customers and cross-team stakeholders.

• Assist in planning and delivering vulnerability intelligence blogs and long-form research reports, identifying patterns and attack vectors that spark conversation.

• Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain the value of research to executive-level stakeholders.

• Work with Labs leadership on long-term hiring plans to scale the global team in line with business priorities; hire and develop a small bench of junior talent in Rapid7 office locations (EMEA), inspiring and training the next generation of vulnerability researchers.

The skills you’ll bring include:

• 5+ years of hands-on experience in a vulnerability research or exploit development role; you have extensive experience and a clear point of view on vulnerability exploitation, patch diffing, native code analysis, and black-box testing.

• Experience in a team lead or other research leadership role that includes management of both junior and senior researchers; experience managing across multiple time zones and countries is a big plus!

• Demonstrable experience running or participating in coordinated vulnerability disclosure processes that require coordination with external partners as well as internal teams (e.g., researchers, vendors, customers, governments, PR agencies). You have both expertise and empathy where CVD is concerned and can help all parties find common ground while still championing scalable practices that showcase team expertise.

• Expert knowledge of major vulnerability classes, attack techniques, and adversary profiles — and the ability to tell a story that connects them. Ideally you can point to public writing or speaking you’ve done on vulns and exploits (or other research or tooling you’ve delivered)

• Deep understanding of the challenges that security teams and global organizations face in today's threat climate

• Understanding of how urgency and importance can complement each other or detract from one another: Your work will fall into both categories, and you’ll need to know when to counsel patience vs. when to raise alarms.