Security Associate (Penetration Testing, Incident Response, Advisory Services)
Job Overview
Are you prepared to take on today’s most sophisticated attackers?
Rapid7’s Security Consultant Development Program provides up and coming technology and security professionals and college graduates with the skills needed to become trusted advisors in all areas of our consulting services. Rapid7’s Security Consultant Development Program provides aspiring security consultants with both the technical and soft skills needed to become trusted advisors in all areas of our consulting services. Participants will work alongside our consultants and directly with our clients to identify and exploit vulnerabilities, document findings, provide security guidance and advice, to help them improve their security posture.
Do you enjoy the thrill of the hunt? Do you have a passion for security? Whether you have a desire to be on the offensive or defensive side, or even advising across both, we just want to know: do you want to take your skills to the next level by working with and learning from some of the industry's best security professionals?
You will partner directly with our Penetration Testing, Incident Response, and Advisory Services teams who will serve as mentors and collaborators to help you learn and grow your consulting and technical skills. Our consulting professionals pride themselves on their ability to think critically and adapt to constantly changing attack methodologies, exploitation methods, and complex regulatory landscapes to deliver top-notch services and help Rapid7’s clients develop world-class security programs.
Reporting to the Consultant Development Practice Lead, the Rapid7 Security Associate is an entry level role designed to provide individuals with the experience needed to become successful consultants in our Penetration Testing, Incident Response and Advisory Services practice areas.
Rapid7 Global Consulting delivers services that transform the way our clients implement, view and manage their security programs using risk, policy and data-driven analysis to empower more relevant and impactful decisions. Our clients engage us to perform world-class program assessment/development, penetration testing, and incident response services and provide world-class analytic response services.
Advisory Services Core Responsibilities :
- Evaluate IT and information security infrastructure as well as policies and processes within client environments across a broad range of industries
- Work closely with client contacts to understand business objectives, risk tolerance, and the current state of their security programs
- Review, design and develop state-of-the-art-security programs
- Document and deliver technical findings and recommendations to client personnel
- Assist with the creation and maintenance of a knowledge base of methodologies and recommendations aligned with standards such as PCI, ISO, HIPAA, CSC20, NIST and other regulatory and industry oversight
Incident Response Core Responsibilities:
- Contribute to incident response program development and special projects
- Assist in capturing and deploying indicators of compromise and attack methodologies
- Advise clients on security best practices and attack mitigation strategies
Penetration Testing Core Responsibilities:
- Conduct the following types risk-driven security assessments:
- Vulnerability validation testing
- Social engineering campaigns
- Network penetration testing
- Web application penetration testing
Additionally you will:
- Actively participate within the Rapid7 Community and security industry as an advocate and advisor
- Drive research initiatives to further offensive and defense security capabilities and brand reputation through public speaking, and blogs
- Develop and maintain positive relationships with clients
- Execute delivery work that exceeds expectations
- Understand the client's business and needs in each engagement
- Assist the consulting team in developing assessment toolkits, processes and methodologies, and research and reference materials
Location:
Due to the collaborative nature of the role and the resources available for continued growth and development, the Security Associate role will reside in Rapid7’s Austin, TX office.
Requirements:
- 1+ year in Information Technology or Bachelor's degree or foreign equivalent in Engineering, Computer Science, MIS, CIS or related field
- Ability to build relationships with, understand business needs of, and deliver demonstrable value to management technical teams, and clients.
- Outstanding verbal and written communication skills
- Willingness to learn quickly
- Experience using interpreted languages (Ruby, Python, PHP, etc.)
- Demonstrated passion for security concepts, theories, common attack frameworks, exploitation tools and methods and client satisfaction
- Knowledge of Windows, Linux, networking, web application security concepts, common attacks and countermeasures
- Willingness to travel up to 35%
Plusses:
- Previous security consulting experience at professional services firm.
- Master’s degree or foreign equivalent in Engineering, Computer Science, MIS, CIS or related field
- Experience in IT operations roles, such as systems administration, network administration, etc.
- Customer service experience
- Experience with the following common security concepts and technologies: Security Information and Event (SIEM), Log Management, Governance Risk and Compliance (GRC), Identity Access Management, IDS/IPS, Advanced Persistent Threats, Anti-Virus, Vulnerability Management, Business Intelligence, Threat Intelligence
- Experience with network analysis, web application penetration testing tools and methods, reverse engineering, binary analysis, endpoint analysis, malware analysis, and enterprise incident response
- Experience in enterprise security and how various technologies and processes work together for increasing threat detection and streamlining incident response
- One of the following certifications (or equivalent): CREST, CHECK, GPEN, OSCP, CEH, CISSP, CPT, eCPPT, etc.