U.S. cybersecurity giant Rapid7 has announced plans to lay off 18% of its workforce, affecting more than 400 global employees.

In a regulatory filing, the Boston-based cybersecurity company said its restructuring effort is “designed to improve operational efficiencies, reduce operating costs and better align the company’s workforce with current business needs.”

The filing confirms that Rapid7 will eliminate 18% of its workforce, but the company did not say how many employees were affected, nor did it respond to TechCrunch’s questions. Rapid7, which in January hired Twitter whistleblower Peter “Mudge” Zatko, reported more than 2,600 employees at the end of 2022, and the Boston Globe reports that around 470 employees had been laid off.

The company said in its filing that it estimates the layoffs will result in $24 million to $32 million in severance and other costs, noting that the execution of the restructuring plan will mostly be complete by the end of its fiscal fourth quarter later this year.

Rapid7 added it also plans to permanently close certain office locations as a result of the restructuring, which will cost the company an additional $4 million. Rapid7 did not say which locations would close. The company, which describes itself as “hybrid-first,” currently has 10 offices across the U.S., with locations in New York, Los Angeles and San Francisco.

News of the restructuring was announced alongside Rapid7’s second quarter earnings, during which the firm posted revenues of $190.4 million, up 14% year-on-year, on a loss of $67 million during the three-months ending June 30. That’s a deeper loss than $40 million its previous year, though better than Wall Street analysts had expected.

In a letter sent to employees — referred to internally as “Moose” — Rapid7 chief executive Corey Thomas said: “While it may be surprising to take this measure when we are meeting performance expectations, making decisions from a place of strength allows us the opportunity to restructure intentionally. This restructuring and near-term reduction will set up our teams and customers for long term success. It will increase our capacity to invest where customers need it, and give us the flexibility to scale intentionally, foster innovation, and improve processes.”

Thomas added that as the company has grown its employee base to meet demand, this has “also created unnecessary friction and inefficiencies which hinder our customer experience.”

“It is difficult and heartbreaking to say goodbye to Moose who have been integral to our teams over the years,” Thomas added. “We would not go forward if we were not confident that this is the best and only way we will be able to deliver the experience that our customers demand, vault over our competition, and remain the best place to work for the most Moose possible.”

All employees being laid off are eligible to receive severance packages, including continued healthcare coverage for the duration of the severance period and outplacement services for career support.

Rapid7 is just one of a number of cybersecurity firms that have announced layoffs this year. Bug bounty platform HackerOne last week announced plans to lay off 12% of its workforce, and pen testing firm Bishop Fox laid off around 50 employees — or 13% of its workforce — in May.

Read the full report here.