Vector Command Specialist (Penetration Testing)

Rapid7

3d•Remote

About The Position

As a Vector Command Specialist, you will work with a team of offensive security consultants to help clients improve their security posture through your technical skills and knowledge of attack surface management strategies. You will serve as an entry-level technical analyst and customer liaison. You will also work with various Managed Services teams to help deliver monthly reports to customers, address customer needs, and assist with other security consultant deliverables. About the Role Your primary responsibility will be to support Vector Command customers by conducting external attack surface analysis, exposure reconnaissance, account and tool integrations, preparing monthly red team report deliverables, and prioritizing customer requests. You will work daily with Rapid7’s Vector Command Red Team operators, assisting with ongoing red team exercises and staying up to date on the latest vulnerabilities, customer attack surface changes, and exposures within customer environments.

Requirements

3+ years in an active technical security role.
Excellent written and verbal communication skills.
Previous technical security consulting experience.
Knowledge of modern penetration testing tools and methods.
Knowledge of external attack surface reconnaissance techniques to identify customer’s internet facing exposures.
Strong knowledge of network, web-based application, and IEEE 802.11 security concepts.
Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite.
Experience using scripting languages such as Python and PowerShell
Experience with social engineering techniques and tactics related to reconnaissance and OSINT gathering.
A Bachelor’s degree in Computer Science, MIS, CIS or a related field, or equivalent experience.
The ability to ask for help.

Nice To Haves

Certifications such as GPEN, PJPT, PNPT, CPTS, or OSCP are preferred.

Responsibilities

Onboard customers to the Vector Command platform and technologies.
Oversee and ensure the completeness of customer report deliverables.
Serve as the primary point of contact for customer inquiries related to testing operations, alerts, or general Vector Command questions associated with Red Team activities.
Coordinate and host monthly Vector Command Red Team update calls in conjunction with a Rapid7 Red Team lead.
Translate technical concepts and communicate them effectively to non-security personnel.
Coordinate communications between internal Rapid7 services on behalf of customers, including the Managed Detection and Response (MDR) and Managed Vulnerability Management (MVM) teams.
Provide monthly written summaries of each customer’s attack surface and Vector Command Red Team operations.
Analyze each customer’s exposures and attack surface within the Vector Command platform.
Conduct manual network and service reconnaissance to identify new exposures.
Perform Open-Source Intelligence (OSINT) gathering on customers to identify attack surface elements that extend beyond traditional network services.
Keep the Red Team informed of significant changes in customers’ attack surfaces.
Coordinate customer requests and prioritizations with the Red Team operators.
Develop scripts to query and analyze attack surface data from numerous sources and automated systems.
Perform entry level penetration testing activities against external assets, as assigned by the Red Team lead.