Vector Command Specialist in City of Westminster

As a Vector Command Specialist, you will work with a team of offensive security consultants to help clients improve their security posture through your technical skills and knowledge of attack surface management strategies. You will serve as a technical analyst and customer liaison. You will also work with various Managed Services teams to help deliver monthly reports to customers, address customer needs, and assist with other security consultant deliverables.

About the Team

Vector Command is an always-on Red Team operation supporting multiple customers. As part of a specialized team, you will emulate real adversaries by performing large-scale reconnaissance, identifying exposed or high-value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post-compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities—it tests the customer’s entire security posture and defense-in-depth strategy. In addition to offensive operations, you will support customers through external attack surface analysis, exposure reconnaissance, integration of accounts and tools, preparation of monthly Red Team reports, and prioritization of customer requests. Daily collaboration with Vector Command operators is essential, as is maintaining awareness of new vulnerabilities, shifts in customer attack surfaces, and changes across customer environments.

About the Role

Your primary responsibility will be to support Vector Command customers by conducting external attack surface analysis, exposure reconnaissance, account and tool integrations, preparing monthly red team report deliverables, and prioritising customer requests. You will work daily with Rapid7’s Vector Command Red Team operators, assisting with ongoing red team exercises and staying up to date on the latest vulnerabilities, customer attack surface changes, and exposures within customer environments. Specifically, your focus will be to:

• Onboard customers to the Vector Command platform and technologies.
• Oversee and ensure the completeness of customer report deliverables.
• Serve as the primary point of contact for customer inquiries related to testing operations, alerts, or general Vector Command questions associated with Red Team activities.
• Coordinate and host monthly Vector Command Red Team update calls in conjunction with a Rapid7 Red Team lead.
• Translate technical concepts and communicate them effectively to non-security personnel.
• Coordinate communications between internal Rapid7 services on behalf of customers, including the Managed Detection and Response (MDR) and Managed Vulnerability Management (MVM) teams.
• Provide monthly written summaries of each customer’s attack surface and Vector Command Red Team operations.
• Analyse each customer’s exposures and attack surface within the Vector Command platform.
• Conduct manual network and service reconnaissance to identify new exposures.
• Perform Open-Source Intelligence (OSINT) gathering on customers to identify attack surface elements that extend beyond traditional network services.
• Keep the Red Team informed of significant changes in customers’ attack surfaces.
• Coordinate customer requests and prioritisations with the Red Team operators.
• Develop scripts to query and analyse attack surface data from numerous sources and automated systems.
• Perform entry level penetration testing activities against external assets, as assigned by the Red Team lead.

The skills and qualities you’ll bring include:

• 3+ years in an active technical security role.
• Knowledge of modern penetration testing tools and methods.
• Knowledge of external attack surface reconnaissance techniques to identify customer’s internet facing exposures.
• Strong knowledge of network, web-based application, and IEEE 802.11 security concepts.
• Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite.
• Experience using scripting languages such as Python and PowerShell.
• Experience with social engineering techniques and tactics related to reconnaissance and OSINT gathering.
• Certifications such as CREST, GPEN, PJPT, PNPT, CPTS, or OSCP are preferred.
• Excellent written and verbal communication skills.
• Collaborative mindset, contributing to knowledge sharing and cross training.
• Demonstrate a commitment to the "end-to-end" testing process, from the initial pre-engagement planning to providing accountable support during the final remediation phase.

Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy – apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.