Security Researchers

The Metasploit Project has a great track record of publishing new vulnerabilities. We’re asking you to contribute by discovering new vulnerabilities in operating systems, network devices, applications, databases, and web applications.

We’ll help you disclose the vulnerability responsibly by alerting the vendors and CERT before alerting the general public. We follow this full disclosure policy to protect the public against zero-day attacks before the vendor of the vulnerable system has had an opportunity to patch it.

In the end, we’ll help ensure that you’ll get credit for finding the vuln and spread the word about your great accomplishment. Often, your exploit developer colleagues will then do what they do best: develop an exploit for your newly found vulnerability and add it to the Metasploit Project.

• Contribute to the Metasploit Framework, downloaded by over one million people in the past year
• Help contribute to one of the largest databases of exploits available to the security community
• Use your strong analytical skills to investigate new vulnerabilities, exploits, and threats
• Be part of one the most highly prolific open source projects around

As a security researcher, you should be good at breaking systems and have coding experience.

Many of our volunteer contributors have joined us here at Rapid7 in paid full-time positions. We’re always growing our team. If you are interested in a career with the Metasploit Project or Rapid7, please check for updates on Rapid7 job opportunities. Good luck!