Role Description Rubrik is seeking an Enterprise Security Engineer. In this role, you will be responsible for ensuring that Rubrik's Corporate Enterprise IT technologies are designed and implemented to the highest possible security standards. You will partner with a variety of stakeholders across the business to improve the Security posture of SaaS applications, integrations, identity and access, endpoints, wireless network, and IoT devices. What you'll do: - Design and implement security standards across Identity (Okta), Endpoint (Windows, MacOS, Linux), Secrets Management (Vault, Lastpass) and Business Applications (Salesforce, Glean, etc). - Partner with IT and other organizations to improve the security posture of enterprise applications, integrations, and access to sensitive and business data. - Actively participate in evaluation, development, and management of security and compliance policies within IT management systems such as JAMF, inTune, etc. - Analyze and harden existing applications, infrastructure, automation, and deployment processes: CircleCI, Github workflows, Tines, Zapier, etc. - Work with Corp IT teams, operations, governance, and other stakeholders to draft security standards and implement monitoring, alerting, and governance. - Review and approve application security review requests to ensure new applications used by Rubrik and employees are secure, monitored, and security standards are enforced. - Support the SOC in analyzing applicable threats, vulnerabilities, controls, and residual risks. - Partner with Vulnerability Management and Threat Operations to drive remediation of critical vulnerabilities and detection of IOC’s in the environment. - Actively monitor and manage EDR policies. - Partner with the organization to deploy technologies for AI usage and security. - Leverage AI tools and agents to improve team performance, enterprise security capabilities, and team efficiency - do more with less and faster. Qualifications - 6+ years experience in enterprise security, with hands-on experience in administration and design across Windows, Mac, Okta, and public cloud infrastructure. - Broad knowledge of enterprise attack vectors and exploits in both end-user and IT Apps. - Subject matter expertise in business applications, endpoint, and Identity management. - Deep understanding of endpoint systems, corporate networking including wi-fi and IT application systems (Salesforce, Mulesoft, Lastpass, etc). - Programming experience in PowerShell, Python, Go, or Java. - Experience with deploying and securing Enterprise applications and environments at scale. - Security and administrative expertise in at least one major public cloud provider (AWS, GCP, Azure). - Understanding of corporate security maturity model frameworks and how to apply them. - Strong written and verbal communication skills. - Knowledge of regulatory guidelines and standards such as SOC2, ISO 27001, FedRAMP, etc. Requirements - Know, acknowledge, and follow system-specific security policies and procedures. - Protect data and individual privacy per requirements and regulations. - Perform ongoing activities in compliance with service and contractual obligations. - Participate in role-based training, completing assignments on a timely basis. - Report security issues promptly, and aid investigation when needed. - Support controlled changes and vulnerability remediation activities. - Work collaboratively with Information Security in designing, implementing, assessing, or enhancing system-specific security and privacy controls. Position Risk Designation - Position Risk Designation: Non-Sensitive, Low Risk, Tier 1. - Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. - Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust). - Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk. - Position Risk Designation: Moderate Risk Law Enforcement (CJIS). - When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date. Benefits - The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity, and benefits. - US (SF Bay Area, DC Metro, NYC, Seattle) Pay Range: $150,200 — $225,400 USD. - US2 (all other US offices/remote) Pay Range: $135,200 — $202,800 USD.

• Lead end‑to‑end architecture, configuration, and deployment of Microsoft Purview solutions across Data Governance, Data Security, and Data Compliance pillars. • Facilitate requirements gathering sessions with business, legal, privacy, records, and security stakeholders to translate policy, regulatory, and operational needs into actionable Purview configurations. • Architect and implement Purview‑based controls including: Data Loss Prevention (endpoint, email, SharePoint/OneDrive, Teams, cloud apps) Sensitivity labels, labeling policies, and encryption workflows Insider Risk Management policies and analytics Information Barriers and data segregation controls Records Management, Retention/Deletion policies, File Plan mapping eDiscovery Standard/Premium workflows, holds, collections, and review sets Data Lifecycle Management and data residency enforcement. • Establish and maintain the Microsoft Purview Data Map and Data Catalog, ensuring appropriate metadata harvesting, scanning rules, classification schemas, and lineage tracking across cloud and on‑premises data sources. • Conduct data environment assessments, including ROT (redundant, obsolete, trivial) analysis, unclassified vs. controlled data assessments, and large‑scale mapping of file shares, repositories, and tenant‑wide content. • Design and maintain Data Classification frameworks using custom and out‑of‑the‑box classifiers, machine learning classifiers, and sensitive information types. • Implement governance guardrails, policy hierarchies, and compliance baselines to support federal mandates, OMB/NIST standards, agency‑specific directives, and Zero Trust requirements. • Support and lead tenant‑wide migrations, environment consolidation activities, and data cleanup initiatives, including after-hours migration windows when required. • Create technical documentation, architecture diagrams, SOPs, operational runbooks, and governance artifacts. • Monitor and respond to compliance alerts, policy violations, and security incidents, recommending remediation actions and driving issue resolution. • Partner with enterprise architecture, information security, data stewards, and M365 engineering to ensure alignment with broader data strategy and platform standards. • Provide guidance and enablement to teams across the organization, including training, knowledge transfer, and best practices for Purview adoption. • Continuously evaluate new Purview features, roadmap releases, and federal compliance requirements to optimize the agency’s data protection posture.

Senior Cybersecurity Advisor Rapid7 Cybersecurity Advisors partner with our customers above and beyond the tactical aspects of vulnerability management, application security, and threat detection and incident response. You will work with your customers to increase their resilience against threats through tailored mitigation recommendations, proactive threat awareness reporting, and regular touch-points to discuss IT security initiatives and associated best practices. About the Team Rapid7's Managed Services deliver world class, 24/7/365 threat detection, incident response, vulnerability management, and application security services for our customers. As a member of Rapid7's Cybersecurity Advisor team, you are on the front-lines helping clients defend against and respond to today's biggest threats. Our analysts and scanning operation teams keep a constant watch on our customers and provide guidance and strategies to help identify and remediate significant risks. Rapid7 Cybersecurity Advisors are fanatical about security and customer satisfaction, and are just as comfortable working in the weeds with engineers as we are briefing a CISO on a recent breach and security strategy. About the Role As a Senior Cybersecurity Advisor, you will be the key trusted advocate to our customers. Your valuable experience and in-depth understanding of the security landscape will be pivotal in shaping the customer perception of Managed Services and its exceptional service. Our Cybersecurity Advisors are responsible for leveraging their technical knowledge to guide customers in the successful usage of security product features and enhancements, and for positively impacting the overall success and maturity of customers' security programs. Specifically, your focus will be to: - Ensure that Rapid7 Platform technology is functional, and coordinate with Rapid7's Managed Services and Rapid7's Support team when needed - Work closely with Analysts and Scan Operators to convey recommendations to Rapid7 customers - Review and generate high-quality accurate and contextual customer deliverables for complex technical accounts - Acts as an expert in industry attack trends and defenses, advising clients on best practices and strategic solutions - Drive customer optimization and usage through an expert understanding of Rapid7 products - Develop and maintain strong, long-lasting advisory relationships with key stakeholders, including technical teams, project managers, and C-level executives on complex accounts - Operate as the escalation point for junior advisors, driving the revitalization of customer health and satisfaction on escalated accounts - Guide clients through findings and provide subject matter expertise for response activities - Provide expertise in technology deployment and client onboarding processes - Gather client input and requirements across the Managed Services client base to influence Managed Services service roadmap - Teach and mentor junior team members on technical concepts and service delivery best practices - Assist Managed Services Leadership with effective scaling strategies to face the challenge of an ever-expanding customer base - Anticipate potential risks and challenges in customer relationships and work proactively to address them before they escalate The skills and qualities you'll bring include: - Bachelors Degree in Information Technology, or two or more years of related experience - 5-6 years of experience in Information Security Consulting or related discipline - Industry-related certifications i.e. A+, Network+, Sec+, Cloud+, CCSP, etc. - Outstanding written and verbal skills in Japanese and English - Exceptional interpersonal and communication skills - Ability to collaborate with cross-functional teams to drive impact and positive customer outcomes - Adaptability and capability to navigate change and ambiguity - Prior technology deployment and configuration experience - Significant experience with security frameworks and concepts - Excellent project management and prioritization abilities - Significant experience in managed or enterprise information security services, vulnerability management, incident response, forensics, malware analysis, penetration testing, or network defense - Mastery of technical concepts and experience advising customers on how to best use and adopt the platform for faster Return on Investment (ROI) - Accountability for outcomes and meeting commitments that deliver value for customers - Problem-solving mentality with the ability to navigate complex situations independently - Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today. #LI-CG3 About Rapid7 At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we' ve been doing for the past 20 years. If you 're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.

• Design and implement mid and long-term security strategies, aligning them with business goals and technology roadmaps to ensure robust protection of digital assets. • Identify, assess, and manage security risks, developing strategies to mitigate potential threats and vulnerabilities. • Lead the transition from managed detection and response services to an in-house capability, ensuring seamless operational change and continuity. • Establish and manage an on-call incident response protocol to ensure swift and effective response to security incidents. • Partner with the Privacy team to establish foundational data security practices and policies. • Provide hands-on expertise to achieve and maintain PCI DSS certification.