Senior Security Consultant - Emergent Threat & Exploit Researcher

Do you enjoy attacking networks, sifting through vast attack surfaces, and crafting novel attack chains to breach client perimeters? Are you skilled at gaining initial access, moving laterally, and demonstrating impact while evading security teams and controls?

As a Penetration Tester on the Global Services team at Rapid7, you will enhance client security posture through your technical expertise in both offensive and defensive cybersecurity strategies.

About the Team: Vector Command Red Team

Vector Command operates as an always-on Red Team, supporting multiple customers. As part of this specialized team, you will emulate real adversaries by performing large-scale reconnaissance, identifying exposed or high-value assets, and discovering weaknesses for compromise. Post-access, the team focuses on post-compromise objectives to demonstrate real impact, evade detection, and assess security control effectiveness. This service goes beyond vulnerability assessment, testing the customer’s entire security posture and defense-in-depth strategy.

Beyond offensive operations, you will support customers with external attack surface analysis, exposure reconnaissance, tool integration, monthly Red Team report preparation, and prioritizing customer requests. Daily collaboration with Vector Command operators is crucial, as is staying informed on new vulnerabilities, shifts in customer attack surfaces, and environmental changes.

About the Role: Continuous Red Teaming

Your primary responsibility is to deliver Rapid7’s Vector Command Continuous Red Teaming service. In this role, you will investigate emerging threats, uncover novel vulnerabilities across extensive external attack surfaces, and attempt to breach customer perimeter defenses to gain initial access. For new N-day or zero-day vulnerabilities, you will rapidly analyze them, recreate proof-of-concepts, and assess customer environments for exposure. Between these high-priority efforts, you will actively hunt for novel vulnerabilities and unique attack paths across customer attack surfaces to support initial access operations. Specifically, your focus will include:

• Evaluating large external attack surfaces to identify vulnerabilities enabling initial access.
• Collaborating closely with Red Team operators in daily meetings to establish attack objectives and operational direction.
• Analyzing, developing, and exploiting N-day and newly released zero-day vulnerabilities relevant to customer environments.
• Identifying novel attacks through black-box evaluation of customer web applications, leading to initial access or sensitive data exposure.
• Developing and maintaining positive client relationships, understanding their business and needs.
• Participating in industry conferences and professional organizations.
• Creating additional value for clients through continuous insights and consultative advice based on experience, industry standards, and leading practices.
• Translating technical concepts for non-security personnel.
• Mentoring and coaching junior staff to promote growth, project contributions, and knowledge sharing.
• Meeting professional practice standards and demonstrating exceptional skill in core service areas.

Skills and Qualities You’ll Bring:

• 5+ years in an active technical security role & 4+ years of Penetration Testing Consulting experience.
• Expert knowledge of:
  • Modern penetration testing tools and methods.
  • Network and web-based application security concepts.
  • Windows/Linux/UNIX internals.
  • Exploit research and development.
• Experience using multiple interpreted languages (Ruby, Python, PHP, etc.) and compiled languages (Java, C, C++, Assembly, etc.).
• Technical competencies, including previous technical consulting experience.
• High-quality report writing and peer reviewing.
• Strong knowledge of common regulatory structures, obligations, and IT governance.
• Ability to effectively lead teams of penetration testers on engagements.
• Comfort explaining findings and recommendations to technical and non-technical audiences, including C-Level and Board briefings.
• Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet-facing attack surfaces.
• Certifications such as OSCP, OSCE, GXPN, OSEE, CREST.
• Experience with Red & Purple Teams.
• Excellent communication skills with internal and external stakeholders.
• Collaborative mindset, contributing to knowledge sharing and cross-training.
• Commitment to the "end-to-end" testing process, from pre-engagement planning to accountable support during final remediation.
• Embodiment of core values to foster a culture of excellence, driving meaningful impact and collective success.

Rapid7 believes in multi-dimensional teams that reflect diverse backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, we encourage you to apply today.

#LI-PB1 #LI-Remote

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, industry, and communities. We achieve this by harnessing our collective expertise and passion to challenge possibilities and drive extraordinary impact. We foster a dynamic and collaborative workplace where new ideas are welcomed.

Protecting over 11,000 customers against bad actors and threats means we continuously innovate, as we have for the past 20 years. If you’re ready to solve tough cybersecurity challenges, we’re here to help you take command of your career. Join us.