Key skills
JavaScriptLinuxPythonRubyUnixGoC#C++CGolangCommunicationCustomer SuccessPenetration Testing
About this role
Role Overview
- Lead Rapid7’s Vector Command continuous Red Teaming service, overseeing team operations and post-compromise breach simulation activities.
- Oversee the pod’s operations, ensuring attack quality, target alignment, and overall customer success.
- During a breach, develop payloads, execute evasion techniques, and drive post-compromise simulation activities.
- Maintain broad involvement across all phases of the operation.
Requirements
- 5+ years in an active technical security role, with 4+ years Penetration Testing Consulting experience.
- Expert knowledge of Red Team operations: Initial access payload development.
- Creation, modification, and implementation of TTPs which evade security controls.
- A mindset for designing offensive operations to gain initial access, laterally move, and persist within customer environments.
- Develop, deploy, and maintain Command and Control (C2) infrastructure as necessary.
- Ability to adapt tradecraft to emulate the latest adversary TTPs.
- Expert knowledge of the following penetration testing areas: Modern penetration testing tools and methods; Network and web-based application security concepts; Windows/Linux/UNIX internals; Social engineering techniques and tactics.
- Experience using multiple interpreted languages (Ruby, Python, JavaScript, etc.) and compiled languages (Golang, C#, C++, etc.).
- Knowledge of common regulatory structures and obligations and common I.T. governance.
- Experience leading long-term red team operations with the ability to effectively lead teams of penetration testers while on engagements.
- Certifications such as OSCP, OSCE, GXPN, OSEE, CREST.
- Prior contribution to the Red Team offensive security space through open-source tool or tradecraft development and/or discovery and responsible disclosure of new vulnerabilities.
- Collaborative mindset, contributing to knowledge sharing and cross training.
- Excellent communication skills both with internal and external stakeholders.
- Demonstrate a commitment to the "end-to-end" testing process, from the initial pre-engagement planning to providing accountable support during the final remediation phase.
Tech Stack
- JavaScript
- Linux
- Python
- Ruby
- Unix
- Go
Benefits
- Developing new Red Team Tactics, Techniques, and Procedures (TTPs) for performing black-box Red Team operations against a group of customers, all year long.
- Provide guidance and assistance to pod members working on their operations, such as social engineering, exploit development, and external network penetration testing.
- Manage Red Team infrastructure and initial access payloads.
- Oversee and be responsible for quality customer deliverables of testing activities and findings produced by your pod.
- Develop and maintain positive relationships with clients and understand their business and needs.
- Lead monthly meetings with clients and daily standup meetings with the Vector Command pod.
- Participate in industry conferences and professional organizations Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and leading practices.
- Translate technical concepts and convey them to non-security personnel.
- Mentor and coach junior staff to promote growth, project contributions, and knowledge sharing.