Penetration Tester & Social Engineering Specialist

Do you enjoy attacking networks? Do you enjoy sifting through large amounts of attack Framest? (original text truncated to fit the paragraph) ...

Vector Command is an always‑on Red Team operation supporting multiple customers. As part of a specialized team, you will UNCOVER and exploit real adversary techniques, performing large‑scale reconnaissance, identifying exposed or high‑value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post‑compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities—it tests the customer’s entire security posture and defense‑in‑depth strategy.

Your primary responsibility is to deliver Rapid7’s Vector Command Continuous Red Teaming service. In this role, you will design social engineering campaigns which function at scale, supporting numerous customers each month, emulating modern adversary TTPs. These campaigns focus on initial access, not click rates, and are often combined with external vulnerabilities or misconfigurations to demonstrate real‑world impact. Specifically, your focus will be to:

• Deploy, configure, and maintain social engineering infrastructure to perform phishing operations at scale.
• Perform manual and automated reconnaissance at scale to identify targets for social engineering operations each month.
• Leverage external network vulnerabilities reported by Vector Command team members in targeted real‑world social engineering attacks (incorporate subdomain takeovers, cross‑site scripting, etc. into campaigns).
• Research the latest techniques in social engineering and implement them in monthly campaigns.
• Research and test methods to bypass social engineering defenses such as email filters, download restrictions, multi‑factor authentication mechanisms, etc. Be an expert in sending phishing emails which make it to the client’s inbox.
• Design and execute vishing campaigns.
• Incorporate payloads provided by the Red Team lead into phishing and vishing operations.
• Upon successful credential breach or payload execution, evaluate the impact and coordinate with Vector Command team members for post‑compromise breach simulation.
• Collaborate closely with a team of Red Team operators, participating in daily meetings to establish attack objectives and operational direction.
• Develop and maintain positive relationships with clients and understand their business and needs.
• Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards, and leading practices.

• 5+ years in an active technical security role
• Strong knowledge of the following:
  • Advanced Social engineering techniques and tactics
  • Infrastructure Bookkeeping (domain records, web servers, Terraform, Ansible, phishing website creation)
  • Modern penetration testing tools and methods
  • Network, wireless and web application security concepts
• Experience using interpreted languages (Ruby, Python, PHP, etc.)
• Knowledge of common regulatory structures, obligations, and IT governance
• Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet‑facing attack surfaces
• Certifications such as OSCP, OSCE, GXPN, OSEE, CREST
• Experience with Red & Purple Teams
• Excellent communication skills both with internal and external stakeholders
• Collaborative mindset, contributing to knowledge sharing and cross training
• Demonstrate a commitment to the "end‑to‑end" testing process, from the initial pre‑engagement planning to providing accountable support during the final remediation phase.
• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi‑dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy – apply today.

At Rapid7 mesure vision for a secure digital world for our customers, industry, and communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.