Penetration Tester, Vector Command, Social Engineering Specialist

📋 Description

• • Are you a cybersecurity enthusiast with a passion for dissecting networks and uncovering vulnerabilities? Do you thrive on the challenge of emulating real-world adversaries, meticulously planning and executing sophisticated attack chains to breach client perimeters? If so, Moose Labs LLC is seeking a highly skilled Penetration Tester, Vector Command, and Social Engineering Specialist to join our dynamic Global Services team.
• • In this pivotal role, you will be instrumental in enhancing our clients' security postures through the application of your advanced technical acumen and a deep understanding of both offensive and defensive security strategies. You will operate within the specialized Vector Command team, which functions as an always-on Red Team operation, supporting a diverse range of clients.
• • Your primary mission will involve emulating sophisticated adversaries by conducting large-scale reconnaissance, identifying exposed or high-value assets, and uncovering critical weaknesses that can be exploited for compromise. Upon gaining initial access, you will proceed with post-compromise objectives, focusing on demonstrating tangible impact, evading detection mechanisms, and rigorously assessing the effectiveness of our clients' security controls and their overall defense-in-depth strategies.
• • This service goes beyond mere vulnerability identification; it provides a comprehensive evaluation of a client's entire security ecosystem. You will be responsible for performing external attack surface analysis, detailed exposure reconnaissance, integrating various accounts and tools, preparing comprehensive monthly Red Team reports, and effectively prioritizing client requests.
• • Daily collaboration with fellow Vector Command operators is paramount, as is maintaining a keen awareness of emerging vulnerabilities, shifts in client attack surfaces, and evolving changes within client environments. Your proactive engagement and continuous learning will be key to staying ahead of evolving threats.
• • The core of your responsibility will be the successful delivery of Rapid7’s Vector Command Continuous Red Teaming service. This involves designing and executing social engineering campaigns that operate at scale, supporting numerous clients each month, and meticulously emulating modern adversary Tactics, Techniques, and Procedures (TTPs).
• • These campaigns are strategically designed to achieve initial access, prioritizing successful compromise over mere click rates. They are frequently integrated with external vulnerabilities or misconfigurations to showcase real-world impact and the potential consequences of security gaps.
• • Specifically, your day-to-day activities will encompass deploying, configuring, and maintaining robust social engineering infrastructure to execute phishing operations at an extensive scale. You will conduct both manual and automated reconnaissance at scale to identify suitable targets for social engineering operations on a monthly basis.
• • A critical aspect of your role will be leveraging external network vulnerabilities, as reported by other Vector Command team members, to execute targeted, real-world social engineering attacks. This includes incorporating techniques such as subdomain takeovers and cross-site scripting (XSS) into your campaigns to maximize effectiveness.
• • You will be expected to research and implement the latest advancements in social engineering techniques into your monthly campaigns, ensuring that our methods remain cutting-edge and highly effective. Furthermore, you will actively research and test methods to bypass common social engineering defenses, including email filters, download restrictions, and multi-factor authentication mechanisms, aiming to be an expert in delivering phishing emails that successfully reach the client's inbox.
• • The role also involves designing and executing sophisticated vishing (voice phishing) campaigns. You will be responsible for incorporating payloads provided by the Red Team lead into both phishing and vishing operations, ensuring seamless integration and execution.
• • Upon successful credential breach or payload execution, you will meticulously evaluate the impact and coordinate closely with other Vector Command team members to facilitate post-compromise breach simulation activities. This collaborative approach ensures a holistic and impactful red teaming exercise.
• • You will foster strong, positive relationships with clients, developing a deep understanding of their unique business operations and specific security needs. Your role extends to creating additional value for clients through continuous insights and consultative advice, drawing upon your extensive experience with the client, their industry, established security standards, and leading best practices.
• • This position demands a commitment to the entire end-to-end testing process, from the initial pre-engagement planning stages through to providing accountable support during the final remediation phase, ensuring clients receive comprehensive assistance throughout the engagement lifecycle.