Coordinated Vulnerability Management

Rapid7's Vulnerability Intelligence team is looking for an experienced PROGRAM MANAGER to drive and expand our Coordinated Vulnerability Disclosure (CVD) program, and our Emergent Threat Response (ETR) program. Our CVD program sees dozens of new vulnerabilities disclosed each year across many different technologies, commercial vendors, and open-source repositories. Our ETR program provides company-wide responses to widespread threats that pose risk to customers. This role will work closely with vulnerability researchers, penetration testers, threat analysts, and product teams to both drive and grow these programs.

About the Team

Rapid7's Vulnerability Intelligence team leads industry research to uncover and prioritize risks for organizations worldwide. Our researchers discover and disclose zero-day vulnerabilities, analyze n-day vulnerabilities, develop Metasploit exploit modules, and identify patterns in emerging attack surfaces. Beyond driving coordinated responses to major incidents, the team provides actionable insights that help defenders stay ahead of evolving threats—proactively shaping understanding of today's risks and tomorrow's attack vectors.

In this role, you will:

• Program manage Rapid7's Emergent Threat Response program, driving and growing Rapid7's cross team response to widespread threats.

• Program manage Rapid7's Coordinated Vulnerability Disclosure program, shepherding each disclosure from initial outreach through final public release and ensuring thoughtful adherence to Rapid7's coordinated disclosure policy. 

• Lead vendor outreach and communication for external vulnerability disclosures directly, including ongoing vendor negotiations, third-party involvement (e.g., from CERTs or IR firms), and customer-ready messaging.

• Copy-edit and publish vulnerability disclosure blogs on Rapid7-discovered issues and response blogs for emergent threats, working with our PR, Labs, and product teams to make sure each blog tells a coherent, compelling story and includes relevant Rapid7 customer information. 

• Create and maintain operational documentation for the programs you manage.

• Be an advocate for both CVD and ETR within Rapid7 and across the broader community.

The skills you'll bring include:

• A strong understanding of the context and ecosystem surrounding enterprise software vulnerabilities. Prior experience as a vulnerability analyst is a plus. We are not looking for a background in technical vulnerability research, but understanding what matters, what doesn't and why are important.

• Strong communication skills and experience working across teams and functions to drive operations for complex and time sensitive programs.

• Experience conducting coordinated vulnerability disclosure (CVD) operations, particularly with external vendors and industry bodies; experience conducting complex multi-party disclosure negotiations with government or CERT involvement is a big plus.

• A strong understanding of how the CVE ecosystem and associated metadata work (CVSS, CWE, etc.).

• The ability to both write and copy-edit written material about vulnerabilities and exploitation with accuracy and specificity, conveying complex and nuanced topics to a broad audience.

• Understanding the benefits and challenges of vulnerability disclosure and response, including the political and media climate around CVEs, exploits, and threats.

• Curiosity and openness to understanding the why behind change, actively driving progress with a forward-looking mindset.

• Accountability for delivering outcomes and meeting commitments by establishing ownership, clear roles, and shared expectations across teams and projects.

• Ability to build and leverage a global network, working across boundaries to drive sustainable improvements that create lasting business and customer value.

• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. 

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome. 

Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope - just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us. 

#LI-SIM