Himalayas logo
Rapid7RA

Senior Security Researcher

Rapid7 is a cybersecurity company providing data security and analytics solutions, including vulnerability management, incident detection and response, application security, and cloud security. Founded in 2000, the company aims to help organizations reduce risk and eliminate threats across modern IT environments.

Rapid7

Employee count: 1001-5000

United Kingdom only

Stay safe on Himalayas

Never send money to companies. Jobs on Himalayas will never require payment from applicants.

The Senior Security Researcher will drive vulnerability discovery and analysis within Rapid7’s Vulnerability Intelligence team. You’ll research zero-day and n-day threats, develop exploits, publish root cause analyses, and collaborate across teams to provide defenders with actionable insights.

About the Team

Rapid7’s Vulnerability Intelligence team leads industry research to uncover and prioritize risks for organizations worldwide. Our researchers discover and disclose zero-day vulnerabilities, analyze n-day threats, develop Metasploit modules, and identify patterns in emerging attack surfaces. Beyond driving coordinated responses to major incidents, the team provides actionable insights that help defenders stay ahead of evolving threats—proactively shaping understanding of today’s risks and tomorrow’s attack vectors.

About the Role

In this role, you will:

  • Work with the broader Vulnerability Intelligence team to support day-to-day research operations, including coordinated vulnerability disclosures and rapid responses to major security incidents (Note: there is no on-call requirement for this role).

  • Perform and publish root cause analyses of high-priority vulnerabilities and potential threats that highlight Rapid7’s attacker-focused approach to vulnerability intelligence.

  • Develop and publish new exploits and attack techniques, working alongside the Metasploit team to incorporate them into Metasploit Framework as needed. We believe strongly that defenders benefit from having democratic access to offensive security capabilities in order to understand attacks and test their controls!

  • Conduct zero-day vulnerability research against popular enterprise technologies (e.g., network appliances, VPN gateways, CI/CD servers, file transfer and backup solutions, etc).

  • Advise our security and threat detection engineers as they develop vulnerability checks, fingerprints, and detections; contextualize risk and explain attack patterns to cross-team technical stakeholders.

The skills you’ll bring include:

  • Hands-on experience with common vulnerability classes and exploitation techniques (e.g., command injection, deserialization, etc). We don't expect you to know everything, but you should be comfortable digging in to both learn and apply new or unfamiliar techniques when needed.

  • Experience producing vulnerability root cause analyses (or other technical writing on vulnerabilities and exploits).

  • Hands-on experience reverse engineering, patch diffing, and developing exploits. Prior experience developing Metasploit modules is a plus. Prior experience reverse engineering at least one common enterprise software development language (e.g. Java, .NET, C/C++) is also a plus.

  • Familiarity with common security research tooling (e.g., IDA, Ghidra, Binary Ninja, Burpsuite, etc).

  • An instinct for where and how to obtain or emulate vulnerable software. We can’t perform hands-on analysis without targets - sometimes we have lab targets, sometimes there are AMIs available, and sometimes we have to get creative.

  • Deep empathy for the challenges that security teams and global organizations face in today's threat climate; willingness to listen, mentor, and collaborate across teams.

  • Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ ve been doing for the past 20 years. If you ’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Senior

Location requirements

United Kingdom

Hiring timezones

United Kingdom +/- 0 hours

Job categories

Senior Security ResearcherPrincipal Security ResearcherStaff Security ResearcherSecurity Researcher

Skills

Vulnerability ResearchZero Day ExploitationMetasploitExploit DevelopmentReverse EngineeringRoot Cause AnalysisJava.NETC++IDAGhidraBinary NinjaBurp suiteMakeRoot Cause

About Rapid7

Learn more about Rapid7 and their company culture.

View company profile

Founded in 2000 by Alan Matthews, Tas Giakouminakis, and Chad Loder, Rapid7 embarked on a mission to provide innovative cybersecurity solutions. The company was established with the vision of helping organizations effectively detect and respond to security threats. Alan Matthews brought his extensive cybersecurity expertise, Tas Giakouminakis provided the technical software development knowledge, and Chad Loder contributed his entrepreneurial vision to shape the company's strategic direction. What began as a focused endeavor to address the evolving landscape of cyber threats has grown into a global leader in vulnerability management and incident detection. Over the years, Rapid7 has consistently pushed the boundaries of security technology through innovation and strategic partnerships. A key milestone in their journey was the launch of Nexpose, their flagship vulnerability management solution, in 2007. This was followed by the strategic acquisition of Metasploit, a renowned open-source penetration testing tool, in 2010, significantly expanding their product portfolio. The company's growth trajectory continued, leading to its initial public offering (IPO) on the NASDAQ stock exchange in 2012 (though another source indicates 2015). In 2015, Rapid7 further enhanced its threat detection capabilities by acquiring Logentries, a provider of cloud-based log management and analytics solutions. The introduction of InsightIDR in 2018, a cloud-based SIEM solution, marked another significant step in empowering organizations to detect and respond to security incidents in real-time.

Today, Rapid7 is a leading cybersecurity solutions provider, dedicated to making successful security tools and practices accessible to all. Their Insight Platform technology, expert services, and thought-leading research enable over 9,000 customers worldwide to improve their security programs and innovate safely. As technology continues to advance rapidly, every company has essentially become a technology company, inherently creating new security risks. The migration to the cloud and the proliferation of connected devices present security teams with an increasingly complex and unpredictable attack surface. Rapid7 believes that as cybersecurity challenges escalate, two primary factors hinder organizations from effectively managing their security exposure: the complexity of security tools and the scarcity of qualified cybersecurity professionals to manage them. These challenges are compounded for resource-constrained organizations. Rapid7 aims to bridge this 'Security Achievement Gap' by simplifying complex security problems. Their solutions empower teams to more effectively reduce vulnerabilities, monitor malicious behavior, investigate and shut down attacks, and automate routine tasks. This is all supported by a dedicated team of security researchers and consultants who bring real-world attacker behavior knowledge and emerging vulnerability insights directly to their customers. Headquartered in Boston, Massachusetts, Rapid7 operates globally, serving a diverse range of industries including technology, energy, financial services, healthcare, and government.

Claim this profileRapid7 logoRA

Rapid7

Company size

1001-5000 employees

Founded in

2000

Chief executive officer

Corey E. Thomas

Markets

CybersecurityVulnerability ManagementPenetration TestingCloud SecurityThreat Detection and ResponseSecurity AnalyticsManaged Security ServicesIT OperationsSoftware DevelopmentSecurity Information And Event Management (SIEM)

Employees live in

United States
View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

10 remote jobs at Rapid7

Explore the variety of open remote roles at Rapid7, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Rapid7
Top remote companies

Remote companies like Rapid7

Find your next opportunity by exploring profiles of companies that are similar to Rapid7. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan
Save
Apply now
Rapid7 hiring Senior Security Researcher • Remote (Work from Home) | Himalayas