Security Consultant, Penetration Testing
We are seeking a Security Consultant to join our Global Services team here at Rapid7! If you excel at delivering penetration testing services and have a keen interest in specializing in IoT ecosystem and embedded hardware security assessments we want to hear from you. This is a full-time, remote (US) opportunity.

About the Team

At Rapid7, our penetration testing consultants bring a wealth of experience from both defensive (blue team) and offensive security roles. Our team members have extensive backgrounds in safeguarding infrastructure, delivering security training, conducting Red Team operations, IoT penetration testing, and exploitation development. When you join Rapid7, you'll be part of a collaborative environment where you can leverage the collective expertise of our entire team.

About the Role

As a Penetration Tester on Rapid7's Global Services team, you'll enhance client security postures by applying your technical expertise and understanding of defense strategies. This role focuses on delivering our fundamental assessments (network, web app, etc.) and is a great opportunity for anyone with an interest in our IoT/Embedded specialization. Beyond technical proficiency, you'll excel through strong communication, timely reporting, continuous learning, and embodying Rapid7's values while contributing to the security community.

As a Security Consultant, your primary responsibility will be to conduct comprehensive penetration tests to identify and address vulnerabilities in our clients' digital assets. Specifically, your focus will be to:

• Execute a variety of penetration tests, including internal/external network, web application, and wireless assessments.

• Analyze security weaknesses and provide actionable recommendations for remediation.

• Develop detailed reports documenting findings, methodologies, and impact.

• Communicate technical findings clearly and effectively to both technical and non-technical stakeholders.

The skills and qualities you’ll bring include:

• At a minimum, being able to deliver:

  • Network Penetration Testing (Internal, External, and Wireless)

  • Web Application Penetration Testing

• Proficient in modern penetration testing tools and methods, including deep understanding of:

  • Network, web application, and IEEE 802.11 security

  • Windows/Linux/UNIX internals and the Internet protocol suite

  • Interpreted (e.g., Ruby, Python) and compiled (e.g., Java, C, C++) programming languages

  • IoT Ecosystems and Embedded Hardware attacks

• OSCP, CPTS, or GPEN (obtained or working towards)

• A ferocious curiosity to figuring out how things work, and a strong willingness to continually learn.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome.

Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope - just like we’ve been doing for the past 20 years. If you’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us.

#LI-AA2

#LI-Remote

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.