Senior Security Consultant, Emergent Threat & Exploit Researcher

Do you enjoy attacking networks? Do you enjoy sifting through large amounts of attack surface, crafting novel attack chains to breach a client’s perimeter, gaining initial access, laterally moving, and demonstrating impact, all while evading security teams and their controls? As a penetration tester on the Global Services team at Rapid7, you will help our clients improve their security posture through your technical skills and knowledge of both offensive and defence strategies.

About the Team: Vector Command is an always-on Red Team operation supporting multiple customers. As part of a specialized team, you will emulate real adversaries by performing large-scale reconnaissance, identifying exposed or high-value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post-compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities—it tests the customer’s entire security posture and defence-in-depth strategy.

In addition to offensive operations, you will support customers through external attack surface analysis, exposure reconnaissance, integration of accounts and tools, preparation of monthly Red Team reports, and prioritization of customer requests. Daily collaboration with Vector Command operators is essential, as is maintaining awareness of new vulnerabilities, shifts in customer attack surfaces, and changes across customer environments.

About the Role: Your primary responsibility is to deliver Rapid7’s Vector Command Continuous Red Teaming service. In this role, you will investigate emerging threats, uncover novel vulnerabilities across large external attack surfaces, and attempt to breach customer perimeter defenses to gain initial access. When new N-day or zero-day vulnerabilities emerge, this role rapidly analyzes them, recreates proof-of-concepts, and assesses customer environments for exposure. Between these high-priority efforts, the researcher actively hunts for novel vulnerabilities and unique attack paths across customer attack surfaces to support initial access operations. Specifically, your focus will be to:

• Evaluate large external attack surfaces to identify vulnerabilities that enable initial access.
• Collaborate closely with a team of Red Team operators, participating in daily meetings to establish attack objectives and operational direction.
• Analyze, develop, and exploit N-day and newly released zero-day vulnerabilities relevant to customer environments.
• Identify novel attacks through black-box evaluation of customer web applications, leading to initial access or exposure of sensitive data.
• Develop and maintain positive relationships with clients and understand their business and needs.
• Participate in industry conferences and professional organizations.
• Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and leading practices.
• Translate technical concepts and convey them to non-security personnel.
• Mentor and coach junior staff to promote growth, project contributions, and knowledge sharing.
• Meet professional practice standards and demonstrate exceptional skill in core service areas.

The skills and qualities you’ll bring include:

• 5+ years in an active technical security role & 4+ years Penetration Testing Consulting experience.
• Expert knowledge of modern penetration testing tools and methods.
• Network and web-based application security concepts.
• Windows/Linux/UNIX internals.
• Exploit research and development.
• Experience using multiple interpreted languages (Ruby, Python, PHP, etc.) and compiled languages (Java, C, C++, Assembly, etc.).
• Technical competencies, including previous technical consulting experience.
• High quality report writing and peer reviewing.
• Strong knowledge of common regulatory structures and obligations and common I.T. governance.
• The ability to effectively lead teams of penetration testers while on engagements.
• Be comfortable explaining findings and recommendations to technical and non-technical audiences including C-Level and Board briefings.
• Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet-facing attack surfaces.
• Certifications such as OSCP, OSCE, GXPN, OSEE, CREST.
• Experience with Red & Purple Teams.
• Excellent communication skills both with internal and external stakeholders.
• Collaborative mindset, contributing to knowledge sharing and cross training.
• Demonstrate a commitment to the “end-to-end” testing process, from the initial pre-engagement planning to providing accountable support during the final remediation phase.

Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.