Security Associate (Penetration Testing, Incident Response, Advisory Services)
Are you prepared to take on today’s most sophisticated attackers?
Rapid7’s Security Consultant Development Program provides up and coming technology and security professionals and college graduates with the skills needed to become trusted advisors in all areas of our consulting services. Rapid7’s Security Consultant Development Program provides aspiring security consultants with both the technical and soft skills needed to become trusted advisors in all areas of our consulting services. Participants will work alongside our consultants and directly with our clients to identify and exploit vulnerabilities, document findings, provide security guidance and advice, to help them improve their security posture.
Do you enjoy the thrill of the hunt? Do you have a passion for security? Whether you have a desire to be on the offensive or defensive side, or even advising across both, we just want to know: do you want to take your skills to the next level by working with and learning from some of the industry's best security professionals?
You will partner directly with our Penetration Testing, Incident Response, and Advisory Services teams who will serve as mentors and collaborators to help you learn and grow your consulting and technical skills. Our consulting professionals pride themselves on their ability to think critically and adapt to constantly changing attack methodologies, exploitation methods, and complex regulatory landscapes to deliver top-notch services and help Rapid7’s clients develop world-class security programs.
Reporting to the Consultant Development Practice Lead, the Rapid7 Security Associate is an entry level role designed to provide individuals with the experience needed to become successful consultants in our Penetration Testing, Incident Response and Advisory Services practice areas.
Rapid7 Global Consulting delivers services that transform the way our clients implement, view and manage their security programs using risk, policy and data-driven analysis to empower more relevant and impactful decisions. Our clients engage us to perform world-class program assessment/development, penetration testing, and incident response services and provide world-class analytic response services.
Advisory Services Core Responsibilities :
Evaluate IT and information security infrastructure as well as policies and processes within client environments across a broad range of industries
Work closely with client contacts to understand business objectives, risk tolerance, and the current state of their security programs
Review, design and develop state-of-the-art-security programs
Document and deliver technical findings and recommendations to client personnel
Assist with the creation and maintenance of a knowledge base of methodologies and recommendations aligned with standards such as PCI, ISO, HIPAA, CSC20, NIST and other regulatory and industry oversight
Incident Response Core Responsibilities:
Contribute to incident response program development and special projects
Assist in capturing and deploying indicators of compromise and attack methodologies
Advise clients on security best practices and attack mitigation strategies
Penetration Testing Core Responsibilities:
Conduct the following types risk-driven security assessments:
Vulnerability validation testing
Social engineering campaigns
Network penetration testing
Web application penetration testing
Additionally you will:
Actively participate within the Rapid7 Community and security industry as an advocate and advisor
Drive research initiatives to further offensive and defense security capabilities and brand reputation through public speaking, and blogs
Develop and maintain positive relationships with clients
Execute delivery work that exceeds expectations
Understand the client's business and needs in each engagement
Assist the consulting team in developing assessment toolkits, processes and methodologies, and research and reference materials
Due to the collaborative nature of the role and the resources available for continued growth and development, the Security Associate role will reside in Rapid7’s Austin, TX office.
1+ year in Information Technology or Bachelor's degree or foreign equivalent in Engineering, Computer Science, MIS, CIS or related field
Ability to build relationships with, understand business needs of, and deliver demonstrable value to management technical teams, and clients.
Outstanding verbal and written communication skills
Willingness to learn quickly
Experience using interpreted languages (Ruby, Python, PHP, etc.)
Demonstrated passion for security concepts, theories, common attack frameworks, exploitation tools and methods and client satisfaction
Knowledge of Windows, Linux, networking, web application security concepts, common attacks and countermeasures
Willingness to travel up to 35%
Previous security consulting experience at professional services firm.
Master’s degree or foreign equivalent in Engineering, Computer Science, MIS, CIS or related field
Experience in IT operations roles, such as systems administration, network administration, etc.
Customer service experience
Experience with the following common security concepts and technologies: Security Information and Event (SIEM), Log Management, Governance Risk and Compliance (GRC), Identity Access Management, IDS/IPS, Advanced Persistent Threats, Anti-Virus, Vulnerability Management, Business Intelligence, Threat Intelligence
Experience with network analysis, web application penetration testing tools and methods, reverse engineering, binary analysis, endpoint analysis, malware analysis, and enterprise incident response
Experience in enterprise security and how various technologies and processes work together for increasing threat detection and streamlining incident response
One of the following certifications (or equivalent): CREST, CHECK, GPEN, OSCP, CEH, CISSP, CPT, eCPPT, etc.