Product Security Manager

Rapid7, Cambridge, MA

Rapid7: Transforming data into answers

Rapid7 was founded in 2000 to give customers transparency into vulnerabilities in their IT environments with a comprehensive vulnerability management solution, something that didn’t exist at the time. Now Rapid7 continues to deliver state-of-the-art solutions for our customers’ security and IT challenges with a variety of products and our Insight platform: a cloud-based analytics platform that powers our products for vulnerability management, incident detection & response, offensive security, application security, and DevOps + IT operations.

As Rapid7 and the Insight platform continue to grow, so does our attack surface. Because of this, we’re looking for an awesome Platform Security Manager to join our Information Security team in Cambridge, MA. This engineering leader is the kind of person who wants to build a product security engineering function from the ground up. Also, have you ever wondered what it's like to work on a security team at a security company? Hint: it's kind of amazing.

Your profile

For you InfoSec isn’t just a job: it’s a lifestyle. You're seeking a new opportunity to flex your security expertise by overseeing and building our AppSec team from the ground up. In this capacity you’ll work with product engineering teams to implement AppSec best practices, help us build security into our distributed CI/CD pipeline, and build tooling to enable product engineers to move fast and be secure. You’re passionate about continuously evolving product security to stay one step ahead of attackers.


  • Lead a team of engineers with disciplines in both Application Security and Cloud Security
  • Extensive knowledge and experience with implementing best practices in a secure SDLC
  • Experience with SAST, DAST, IAST, SCA, RASP, and/or WAF tooling
  • Extensive knowledge and experience with one or more of the following: Java, Python, and JavaScript
  • Knowledge of integrating custom security controls and security tests in development and build environments
  • Automate IaaS assessments, reporting, remediation with a measurable and repeatable process
  • Extensive experience building “guardrails, not gates” into CI/CD environments
  • Working knowledge of one or more of the following technologies or design patterns:
    • Microservice design and architecture
    • Using and developing RESTful APIs
    • Message queueing systems
    • SQL and NoSQL databases (e.g. Cassandra)
    • Containerization and virtualization technology (e.g. VMs, Docker)
  • Ability to pivot quickly with changing priorities in a dynamic, hyper-growth environment
  • Strong capability to communicate security concepts and requirements at all levels of the business
  • Strong sense of project ownership and excellent time and task management skills
  • Strong desire to mentor teammates and provide leadership on key initiatives/projects
  • Education in Computer Science, Information Systems, or a similar field
  • 5+ years of experience in the InfoSec and/or software development fields


  • Extensive knowledge of AWS security concepts and best practices
  • Working knowledge of managing infrastructure and resources in AWS using Terraform and Chef, Ansible, Puppet, or Salt
  • Experience with one or more of the following: Go, Ruby, and Erlang
  • Experience with Jenkins
  • Experience creating threat models and remediation plans
  • Working knowledge of identity and access management
  • Experience working in Agile Scrum environments
  • Exposure to Rapid7 products

About Rapid7

Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant. Our products and services enable organizations to innovate securely and reliably, and include offerings in vulnerability management (Nexpose), penetration testing (Metasploit), application security (AppSpider), SIEM/incident detection and response (InsightIDR), and log management (Logentries). Learn more at Rapid7.com.

Want to learn more about Rapid7? Visit Rapid7's website.