Vector Command Specialist

As a Vector Command Specialist, you will work with a team of offensive security consultants to help clients improve their security posture through your technical skills and knowledge of attack surface management strategies. You will serve as an entry-level technical analyst and customer liaison. You will also work with various Managed Services teams to help deliver monthly reports to customers, address customer needs, and assist with other security consultant deliverables.
About the Team
Your primary responsibility will be to support Vector Command customers by conducting external attack surface analysis, exposure reconnaissance, account and tool integrations, preparing monthly red team report deliverables, and prioritizing customer requests. You will work daily with Rapid7's Vector Command Red Team operators, assisting with ongoing red team exercises and staying up to date on the latest vulnerabilities, customer attack surface changes, and exposures within customer environments.
About the Role
Customer Facing Responsibilities:

• Onboard customers to the Vector Command platform and technologies.
• Oversee and ensure the completeness of customer report deliverables.
• Serve as the primary point of contact for customer inquiries related to testing operations, alerts, or general Vector Command questions associated with Red Team activities.
• Coordinate and host monthly Vector Command Red Team update calls in conjunction with a Rapid7 Red Team lead.
• Translate technical concepts and communicate them effectively to non-security personnel.
• Coordinate communications between internal Rapid7 services on behalf of customers, including the Managed Detection and Response (MDR) and Managed Vulnerability Management (MVM) teams.
• Provide monthly written summaries of each customer's attack surface and Vector Command Red Team operations.

Attack Surface Analyst, Internal Red Team:

• Analyze each customer's exposures and attack surface within the Vector Command platform.
• Conduct manual network and service reconnaissance to identify new exposures.
• Perform Open-Source Intelligence (OSINT) gathering on customers to identify attack surface elements that extend beyond traditional network services.
• Keep the Red Team informed of significant changes in customers' attack surfaces.
• Coordinate customer requests and prioritizations with the Red Team operators.
• Develop scripts to query and analyze attack surface data from numerous sources and automated systems.
• Perform entry level penetration testing activities against external assets, as assigned by the Red Team lead.

The skills and qualities you'll bring include:

• 3+ years in an active technical security role.
• Excellent written and verbal communication skills.
• Previous technical security consulting experience.
• Knowledge of modern penetration testing tools and methods.
• Knowledge of external attack surface reconnaissance techniques to identify customer's internet facing exposures.
• Strong knowledge of network, web-based application, and IEEE 802.11 security concepts.
• Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite.
• Experience using scripting languages such as Python and PowerShell
• Experience with social engineering techniques and tactics related to reconnaissance and OSINT gathering.
• A Bachelor's degree in Computer Science, MIS, CIS or a related field, or equivalent experience.
• Certifications such as GPEN, PJPT, PNPT, CPTS, or OSCP are preferred.
• The ability to ask for help.
• Be an Advocate: Use excellent written and verbal communication skills to not just report vulnerabilities, but to advocate for the customer's security posture. Focus on "translating technical concepts" so non-security personnel understand the impact on their business.
• Strategic Alignment: Position your technical testing (network, web app, API) as a way to scale Rapid7's impact within the Global Services division.
• Driving Outcomes over Actions: Instead of just listing "performed technical testing," focus on the outcome: "helping customers remediate and mitigate prevalent threats". Your ability to consistently produce high-quality reports is a direct contribution to successful security outcomes for clients.
• Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.

We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
#LI-BD1 #LI-Remote
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we' ve been doing for the past 20 years. If you 're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
Rapid7, Inc. is committed to fair and equitable compensation practices. A candidate's salary is determined by various factors including, but not limited to, relevant work experience, skills, and certifications. We evaluate compensation decisions on a case-by-case basis, and it is not typical for an individual to be hired at the very top of the salary range.
The salary range for this role in the US is:
$89,300.00 - 120,800.00 USD Annual
Salary ranges may vary based on geographical location. This range does not include variable/incentive compensation, equity and benefits (where applicable/eligible).
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.