Senior Security Consultant, Red Team Lead

Do you enjoy attacking networks? Do you enjoy sifting through large amounts of attack surface, crafting novel attack chains to breach a client's perimeter, gaining initial access, laterally moving, and demonstrating impact, all while evading security teams and their controls? As a penetration tester on the Global Services team at Rapid7, you will help our clients improve their security posture through your technical skills and knowledge of both offensive and defense strategies.
About the Team
Vector Command is an always-on Red Team operation supporting multiple customers. As part of a specialized team, you will emulate real adversaries by performing large-scale reconnaissance, identifying exposed or high-value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post-compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities-it tests the customer's entire security posture and defense-in-depth strategy.
In addition to offensive operations, you will support customers through external attack surface analysis, exposure reconnaissance, integration of accounts and tools, preparation of monthly Red Team reports, and prioritization of customer requests. Daily collaboration with Vector Command operators is essential, as is maintaining awareness of new vulnerabilities, shifts in customer attack surfaces, and changes across customer environments.
About the Role
In this role, you will lead Rapid7's Vector Command continuous Red Teaming service, overseeing team operations and post-compromise breach simulation activities.
Vector Command is an always-on Red Team operation supporting multiple customers. This role oversees the pod's operations, ensuring attack quality, target alignment, and overall customer success. During a breach, the Lead develops payloads, executes evasion techniques, and drives post-compromise simulation activities. This position maintains broad involvement across all phases of the operation. Specifically, your focus will be to:

• Develop new Red Team Tactics, Techniques, and Procedures (TTPs) for performing black-box Red Team operations against a group of customers, all year long.
• Provide guidance and assistance to pod members working on their operations, such as social engineering, exploit development, and external network penetration testing.
• Manage Red Team infrastructure and initial access payloads.
• Oversee and be responsible for quality customer deliverables of testing activities and findings produced by your pod.
• Develop and maintain positive relationships with clients and understand their business and needs.
• Lead monthly meetings with clients and daily standup meetings with the Vector Command pod.
• Participate in industry conferences and professional organizations
• Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and leading practices
• Translate technical concepts and convey them to non-security personnel
• Mentor and coach junior staff to promote growth, project contributions, and knowledge sharing.
• Technical competencies, including previous technical consulting experience

The skills and qualities you'll bring include:

• 5+ years in an active technical security role, with 4+ years Penetration Testing Consulting experience
• Expert knowledge of Red Team operations:
  
  • Initial access payload development
  • Creation, modification, and implementation of TTPs which evade security controls
  • A mindset for designing offensive operations to gain initial access, laterally move, and persist within customer environments.
  • Develop, deploy, and maintain Command and Control (C2) infrastructure as necessary.
  • Ability to adapt tradecraft to emulate the latest adversary TTPs.
• Expert knowledge of the following penetration testing areas:
  
  • Modern penetration testing tools and methods
  • Network and web-based application security concepts
  • Windows/Linux/UNIX internals
  • Social engineering techniques and tactics
• Experience using multiple interpreted languages (Ruby, Python, JavaScript, etc.) and compiled languages (Golang, C#, C++, etc.)
• Knowledge of common regulatory structures and obligations and common I.T. governance.
• Experience leading long-term red team operations with the ability to effectively lead teams of penetration testers while on engagements

• Certifications such as OSCP, OSCE, GXPN, OSEE, CREST
• Prior contribution to the Red Team offensive security space through open-source tool or tradecraft development and/or discovery and responsible disclosure of new vulnerabilities.
• Collaborative mindset, contributing to knowledge sharing and cross training
• Excellent communication skills both with internal and external stakeholders
• Demonstrate a commitment to the "end-to-end" testing process, from the initial pre-engagement planning to providing accountable support during the final remediation phase.
• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
#LI-PB1
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we' ve been doing for the past 20 years. If you 're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.