Senior Penetration Tester (Internal InfoSec Team)



Melbourne, VIC, Australia
Posted on Monday, October 30, 2023

Do you enjoy attacking networks? Do you want to see the direct results of your work implemented? Do you want to dig deeper into a company’s security posture? Do you want to learn more about how the “blue” team works? As a pentester on our Information Security Operations team, you will be fully integrated into the frontlines of Rapid7’s security. Your skills and experience will be used to stand up and integrate pentesting operations into a full-cycle cybersecurity program.

About the Team

Our Information Security team is tasked with enhancing our security posture and elevating customer confidence in Rapid7 products. Together, we lead the effective delivery of business outcomes and program maturation through standardization and iterative improvement. As part of our team, you'll work with highly engaged and capable colleagues to build and implement complex, cross-functional initiatives that secure our business, our employees, and our customers.

About the Role

As a Penetration Tester on our InfoSec team, you will play a key role in improving the overall Information Security posture at Rapid7 and help to improve our ability to detect and respond to malicious activity through adversary emulation and structured offensive security exercises. In this role, you will manage and sustain an offensive security program focused on new offensive methodologies and adversary emulation while fostering a positive relationship with our defensive security counterparts. We are looking for someone with a strong background in information security with a passion for penetration testing and a strong desire to drive information security improvements across our organization.

In this role, you will:

  • Perform manual penetration tests of network services, network infrastructure, IoT devices, and software

  • Design and deliver red team exercises (setting up C2 servers, EDR evasion, deploying and operating out of C2 agents)

  • Clearly document and communicate findings and remediation recommendations to leadership and device/software owners

  • Partner with our Security Operations Center (SOC) to operationalize new detection concepts

  • Conduct vulnerability research and participate in exploit development

  • Collaborate and assist with threat hunting activities

  • Support Risk Assessments, Third Party Penetration Tests, Vulnerability Assessments, Incident Response and Investigation, and Cybercrime Response

The skills you’ll bring include:

  • 5+ years of experience in Information Security, possessing a strong understanding of security concepts and disciplines

  • 3+ years of experience in Penetration Testing (Internal/External Network, WebApp, Cloud, etc.)

  • Extensive experience with offensive security tools, concepts and procedures

  • Excited by technology, curious and eager to learn

  • The attitude and ability to thrive in a high-growth, evolving environment

  • Collaborative team player who has the ability to partner with others and drive toward solutions

  • Strong creative problem-solving skills

  • Solid communicator with excellent written and verbal communication skills, both within the team and cross-functionally

It would be great if you also had:

  • A computer-related degree

  • GPEN, eCPPT, OSCP or other pertinent industry-recognized certifications

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever’s next.

Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.