Do you enjoy attacking web apps, APIs, finding and abusing flaws in source code? Do you want exposure to network pentesting? Do you want to see the direct results of your work implemented? Do you want to dig deeper into a company's security posture and make an impact? Do you want to learn more about how the "blue" team works?
As a Pen Tester on our Information Security Operations team you will be fully integrated into the frontlines of Rapid7's security. Your skills and experience will be used to test and improve production applications and drive change into a full cycle cyber security program.
About the Team
Our Information security team is tasked with enhancing our security posture and elevating customer confidence in Rapid7 products. Together, we lead the effective delivery of business outcomes, and program maturation through standardization and iterative improvement.
As part of our team, you'll work with highly engaged and capable colleagues to build and implement complex, cross-functional initiatives that secure our business, our employees, and our customers.
About the Role
As a Penetration Tester on our InfoSec team, you'll play a crucial part in strengthening our organization's Information Security by focusing on web application penetration testing. You will contribute to enhancing our ability to identify, assess, and mitigate vulnerabilities within web applications, improving our overall security posture. Your responsibilities will include running targeted penetration tests, simulating adversarial tactics, and collaborating with both development teams and defensive security counterparts to address vulnerabilities.
We're looking for someone with hands-on experience in web application security, a solid understanding of penetration testing techniques, and a passion for staying ahead of emerging threats. If you're eager to drive real improvements to our security practices and work within a dynamic team, this position will offer opportunities to sharpen your skills while making a significant impact on our security program.
In this role, you will:
- Perform web/API/mobile/code review/thick client application penetration testing and other testing where appropriate and as required (such as network, cloud, IoT);
- Perform vulnerability/attack surface assessments and provide findings with remediation actions to leadership and device/software owners;
- Provide well-written, concise, technical and non-technical reports in English;
- Coordinate with development and engineering teams on remediating vulnerabilities;
- Partner with our Security Operations Center (SOC) / Threat Hunt Team to operationalize new detection concepts
- Coach and mentor team members where appropriate;
- Perform any other appropriate job duties in line with the associated skill and experience of the post holder.
The skills you'll bring include:
- Ideally 2-4 years of experience as a Web Application Penetration Tester with industry recognised security certifications (OSWE, CCT APP);
- Proven industry experience with offensive security tools (such as Burp Suite, Postman, SAST/DAST tooling);
- Strong understanding of OWASP and MITRE ATT&CK framework;
- Demonstrable knowledge of how modern applications are designed and deployed across different platforms and how to abuse workflow logic;
- Ability to program or script in your preferred language;
- Experience leading web application penetration testing projects and acting as a lead technical point of contact;
- Capable of working independently with minimal supervision
We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what's possible and drive extraordinary impact.
Here, we're building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever's next.
Join us and bring your unique experiences and perspectives to tackle some of the world's biggest security challenges.
#LI-PB1
