Senior Product Manager - SIEM Data & Event Ingestion

Sorry, this job was removed at 12:08 p.m. (CST) on Thursday, Mar 26, 2026
Hiring Remotely in Prague, CZE
Remote or Hybrid
Artificial Intelligence • Cloud • Information Technology • Sales • Security • Software • Cybersecurity
Take Command of your Career
The Role
Cybersecurity teams depend on complete, high-quality telemetry to detect and respond to threats. As Senior Product Manager for SIEM Data & Event Source Ingestion, you will ensure Rapid7 delivers the trusted data foundation that modern security operations require. You will drive the strategy for ingesting, normalizing, and enriching security events across cloud, endpoint, identity, and network ecosystems, enabling accurate detection, streamlined investigations, and automated response.
In this highly strategic role, you will partner with engineering, security research, and customer-facing teams to build SaaS-native ingestion capabilities that scale with customer environments and adapt to a rapidly evolving threat landscape. The ideal candidate brings deep experience in cybersecurity (such as SIEM, XDR, detection engineering, or SOC operations) and understands how data quality, schema design, and telemetry coverage directly impact detection efficacy and customer outcomes.
About the Team
This role is part of Rapid7's Detection & Response product organization, responsible for delivering the core SaaS and managed service capabilities that power our customers' security operations. The team owns the end-to-end foundation for detection and response, from event source ingestion and detection rule management to alert triage, incident management, and automation, enabling customers and MDR analysts to detect, investigate, and respond to threats with speed and confidence.
About the Role
As Senior Product Manager - SIEM Data & Event Source Ingestion, you will define and drive the strategy, roadmap, and execution for how Rapid7 ingests, normalizes, and operationalizes security telemetry across the modern attack surface. This is a foundational role within Rapid7's Detection & Response portfolio, responsible for ensuring customers achieve comprehensive visibility with no blind spots across cloud, endpoint, identity, network, SaaS, and hybrid environments.
You will shape the data ingestion layer that powers threat detection, investigation, and response - translating evolving attacker behaviors, security frameworks (e.g., MITRE ATT&CK), and real-world SOC workflows into scalable, SaaS-native ingestion capabilities. Your work will directly influence detection fidelity, coverage depth, and overall risk reduction for our customers.
This role requires strong cybersecurity domain expertise, including a deep understanding of security telemetry, log sources, threat detection methodologies, and incident response workflows. You must be comfortable operating at the intersection of product strategy and technical architecture, partnering closely with engineering, detection engineering, data science, and security practitioners.
Specifically, you will:
  • Own the product vision and multi-quarter roadmap for event source coverage and telemetry ingestion across the entire attack surface.
  • Define ingestion strategy based on evolving threat landscapes, adversary tactics, and customer detection maturity.
  • Engage directly with security teams (SOC analysts, detection engineers, cloud security teams, IR leaders) to understand use cases, investigation workflows, and telemetry gaps.
  • Drive prioritization across diverse environments - on-premises, multi-cloud, hybrid, and SaaS - ensuring scalable, reliable, and secure event collection pipelines.
  • Partner with detection engineering to align event source coverage with detection logic, content strategy, and ATT&CK technique mapping.
  • Lead integration strategy and prioritization for external data providers and security platforms (e.g., AWS, Azure, GCP, Okta, M365, CrowdStrike, identity providers, network telemetry sources).
  • Ensure ingestion capabilities support normalization, enrichment, schema mapping, and correlation required for high-fidelity detection and response.
  • Champion interoperability and extensibility through APIs, open standards, and partner ecosystem collaboration.
  • Serve as an internal and external advocate for how comprehensive telemetry coverage drives measurable improvements in threat detection efficacy, dwell time reduction, and SOC efficiency.
  • Balance performance, scalability, security, and cost considerations inherent in high-volume SaaS ingestion architectures.

The skills and qualities you'll bring include:
Required
  • 4+ years of product management experience, including ownership of technical or platform products in a SaaS environment.
  • Strong cybersecurity domain expertise, including experience with security telemetry (cloud, endpoint, identity, network, SaaS), SIEM/XDR/EDR platforms, and SOC or incident response workflows.
  • Deep understanding of threat detection methodologies and frameworks such as MITRE ATT&CK, and how telemetry maps to detection logic.
  • Experience building or managing data ingestion, integration, or event-driven platforms at scale, including normalization, enrichment, and schema (OCSF) design.
  • Proven ability to define integration strategies across major cloud and security ecosystems (e.g., AWS, Azure, GCP, Okta, Microsoft 365, CrowdStrike).
  • Strong technical fluency in APIs, event pipelines, cloud-native architectures, and distributed systems.
  • Demonstrated ability to translate evolving threat landscapes and customer security needs into product strategy and roadmap execution.
  • Excellent cross-functional leadership and communication skills, with experience partnering closely with engineering, detection engineering, UX, and go-to-market teams.
  • Customer empathy and experience in conducting direct user research and validation.
  • A collaborative mindset and a belief that we achieve more as a team than as individuals.
  • Insatiable curiosity and a drive for continuous improvement, always pushing to evolve your skills and our processes.
  • You aren't afraid to challenge the status quo, bringing innovative thinking and a fresh perspective to complex problems.
  • Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

Preferred
  • Experience in SIEM, XDR, MDR, or detection engineering environments.
  • Background in security operations or hands-on security tooling.
  • Familiarity with modern data streaming architectures and authentication standards (e.g., OAuth, SAML, SCIM).

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.


The Company
HQ: Boston, MA
2,400 Employees
Year Founded: 2000

Why Work With Us

With our products, research, and open source communities, we’re building a secure digital future for everyone. This means constantly learning and evolving in an industry that’s anything but stagnant. You’ll be faced with tough challenges, and given the support to find creative solutions that drive our business, and your career forward.

Rapid7 Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Our default working model is hybrid, with employees working three days per week in the office. This approach underpins our commitment to flexibility and adaptability while supporting our dedication to development, teamwork and customer purpose.

Typical time on-site: 3 days a week
HQ: Boston
Arlington
Austin, TX
Belfast, GB
Dublin
Galway
Melbourne
Tokyo
Munich
Prague
India
Reading, UK
Singapore - Regional Headquarters
Tampa, FL
Tel Aviv