Quick Summary
Are you passionate about network penetration testing and offensive security? As a Penetration Tester on the Global Services team at Rapid7, you will leverage your technical expertise in both offensive and defensive strategies to enhance client security posture. This role involves identifying vulnerabilities, crafting attack chains, gaining initial access, and demonstrating impact while evading security controls.
About the Team
The Vector Command team operates as an always-on Red Team operation, providing continuous support to multiple clients. In this specialized role, you will emulate real-world adversaries, conducting extensive reconnaissance, identifying exposed or high-value assets, and discovering exploitable weaknesses. The team focuses on achieving post-compromise objectives to demonstrate actual impact, evade detection, and evaluate the effectiveness of existing security controls and the overall defense-in-depth strategy.
Beyond offensive operations, responsibilities include external attack surface analysis, exposure reconnaissance, integrating accounts and tools, preparing monthly Red Team reports, and prioritizing customer requests. Daily collaboration with Vector Command operators is crucial, alongside staying informed about new vulnerabilities and changes in customer attack surfaces and environments.
About the Role
As a Social Engineering Specialist, your primary responsibility will be to deliver Rapid7’s Vector Command Continuous Red Teaming service. You will design scalable social engineering campaigns, emulating modern adversary TTPs to achieve initial access for numerous clients monthly. These campaigns often integrate with external vulnerabilities or misconfigurations to demonstrate real-world impact. Your focus will specifically include:
- Deploy, configure, and maintain social engineering infrastructure for large-scale phishing operations.
- Conduct manual and automated reconnaissance at scale to identify monthly targets for social engineering operations.
- Utilize external network vulnerabilities identified by the Vector Command team in targeted social engineering attacks, incorporating techniques like subdomain takeovers and cross-site scripting.
- Research and implement the latest social engineering techniques into monthly campaigns.
- Research and test methods to bypass social engineering defenses, including email filters, download restrictions, and multi-factor authentication mechanisms, ensuring effective delivery of phishing emails.
- Design and execute vishing campaigns.
- Incorporate Red Team payloads into phishing and vishing operations.
- Evaluate impact following a successful credential breach or payload execution, coordinating with Vector Command team members for post-compromise breach simulation.
- Collaborate closely with Red Team operators, participating in daily meetings to establish attack objectives and operational direction.
- Develop and maintain strong client relationships, understanding their business and needs.
- Provide additional value to clients through continuous insights and consultative advice, leveraging industry standards and leading practices.
The skills and qualities you’ll bring include:
- 5+ years in an active technical security role.
Strong knowledge of the following:
- Advanced social engineering techniques and tactics.
- Infrastructure management and deployment (e.g., domain records, web servers, Terraform, Ansible, phishing website creation).
- Modern penetration testing tools and methods.
- Network security, wireless security, and web application security concepts.
- Experience using interpreted languages (e.g., Ruby, Python, PHP).
- Knowledge of common regulatory structures and IT governance.
- Bug Bounty experience, including identifying novel vulnerabilities in internet-facing attack surfaces.
- Relevant security certifications such as OSCP, OSCE, GXPN, OSEE, CREST.
- Experience with Red Team and Purple Team operations.
- Excellent communication skills with internal and external stakeholders.
- Collaborative mindset, contributing to knowledge sharing and cross-training.
- Commitment to the end-to-end testing process, from pre-engagement planning to remediation support.
- Embody our core values to foster a culture of excellence and drive collective success.
We believe that the best ideas and solutions emerge from multi-dimensional teams, reflecting diverse backgrounds and professional experiences. If you are excited about this penetration testing role and believe your experience can make an impact, we encourage you to apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, industry, and communities. We achieve this by leveraging collective expertise and passion to drive extraordinary impact. We foster a dynamic and collaborative workplace that welcomes new ideas.
With over 11,000 customers protected against threats, Rapid7 continuously innovates in cybersecurity. If you are ready to tackle complex cybersecurity challenges and advance your career, join our team.


