Penetration Tester, Senior Consultant

US - Remote

Location(s)

US - Remote

Team(s)

Security Services


Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 9,100 organizations across 140 countries, including 52% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

Overview

Do you enjoy attacking networks? Do you enjoy hacking custom protocols and embedded devices? As a penetration tester in the Consulting Division of Rapid7, you will help our clients improve their security  posture through your technical skills and knowledge of defense strategies. 

Our clients often present us with unique security challenges from a testing perspective. Likewise, we work  with a wide variety of technology platforms and protocols. Beyond providing services to customers, you  are encouraged to perform research and speak at security conferences. 

But wait, we're not done yet. You will be working at Rapid7! We have some cool products and ideas and  we're enthusiastic about them. Why wouldn't you want to be part of that? Send us your resume and let's talk. 

Essential Responsibilities 

You will be called on to perform technical testing against a variety of targets. These include:

  • Network Penetration Testing (wired and wireless) 

  • Application Penetration Testing (WebApp, API, and Mobile) 

  • Social Engineering (on premise and electronic) 

Beyond delivering these services, as a consultant you will: 

  • Grow and support all security practice offerings in a pre- and post-sales role 

  • Develop and maintain positive relationships with clients and understand their business and needs. 

  • Participate in industry conferences and professional organizations 

  • Create additional value for clients through continual insights and consultative advice based on  experience with the client, their industry, established standards and leading practices 

  • Translate technical concepts and convey them to non-security personnel 

  • Mentor and coach junior staff to promote growth, project contributions, and knowledge sharing. 

  • Meet professional practice standards and demonstrate exceptional skill in core service areas 

  • Collaborate with sales, pre-sales and marketing personnel to promote and explain penetration testing  services, pricing and scoping and is able to build cross-organizational relationships across Rapid7 

Job Requirements 

  • 4+ years Penetration Testing Consulting experience

  • 5+ years in an active technical security role 

  • Expert knowledge of the following:

    • Modern penetration testing tools and methods 

    • Network security concepts 

    • Web-based application security concepts 

    • Windows/Linux/UNIX internals 

    • Social engineering techniques and tactics 

  • Experience using multiple interpreted languages (Ruby, Python, PHP, etc.) 

  • Experience with multiple compiled languages (Java, C, C++, Assembly, etc.) 

  • Strong written and verbal skills 

  • Maintain positive client relationships and feedback 

  • Knowledge of common regulatory structures and obligations and common I.T. governance. 

  • The ability to effectively lead teams of penetration testers while on engagements 

  • Be comfortable explaining findings and recommendations to technical and non-technical audiences including C-Level and Board briefings 

Job Plusses: 

  • Master's degree or foreign equivalent in Engineering, Computer Science, MIS, CIS or related field 

  • Certifications such as OSCP, OSCE, GXPN, OSEE

  • Experience with IoT Testing

  • Experience with Red & Purple Teams

#LI-AA2

#LI-Remote