Senior Security Consultant, Emergent Threat & Exploit Researcher

📋 Description

• • Are you a highly skilled security professional with a passion for offensive security, eager to delve into the intricacies of emergent threats and exploit research? Moose Labs LLC is seeking a Senior Security Consultant, Emergent Threat & Exploit Researcher to join our elite Global Services team. This role is pivotal in emulating real-world adversaries, conducting large-scale reconnaissance, identifying high-value targets, and uncovering sophisticated attack chains to breach client perimeters. You will be instrumental in demonstrating impact, evading advanced security controls, and ultimately enhancing our clients' security postures through your deep technical expertise and understanding of both offensive and defensive strategies.
• • As part of the specialized Vector Command team, you will operate in an 'always-on' Red Team environment, supporting a diverse range of customers. Your responsibilities will include performing extensive reconnaissance to map out client attack surfaces, pinpointing exposed or critical assets, and discovering exploitable weaknesses. Once initial access is achieved, you will continue to execute post-compromise objectives, focusing on demonstrating tangible impact, evading detection mechanisms, and rigorously assessing the effectiveness of implemented security controls. This comprehensive approach ensures that we evaluate far more than just individual vulnerabilities; we test the client's entire security posture and their defense-in-depth strategy.
• • Beyond direct offensive operations, you will provide crucial support to clients through detailed external attack surface analysis, in-depth exposure reconnaissance, and the seamless integration of various security accounts and tools. A key aspect of this role involves the meticulous preparation of monthly Red Team reports, offering clear insights and actionable recommendations. You will also play a vital role in prioritizing customer requests, ensuring that our efforts align with their most pressing security needs. Daily collaboration with fellow Vector Command operators is essential, requiring active participation in team meetings and continuous awareness of emerging vulnerabilities, evolving customer attack surfaces, and dynamic changes within customer environments.
• • Your primary mandate will be to expertly deliver Rapid7’s Vector Command Continuous Red Teaming service. This involves a proactive approach to investigating emergent threats, uncovering novel vulnerabilities across vast external attack surfaces, and executing sophisticated attempts to breach customer perimeter defenses for initial access. When new N-day or zero-day vulnerabilities surface, you will be at the forefront, rapidly analyzing them, recreating proof-of-concepts, and assessing customer environments for potential exposure. In the intervals between these high-priority efforts, you will actively hunt for unique vulnerabilities and innovative attack paths across customer attack surfaces to bolster our initial access capabilities.
• • Specifically, your focus will encompass a range of critical activities designed to push the boundaries of offensive security. You will meticulously evaluate large external attack surfaces to identify vulnerabilities that provide a pathway for initial access. Close collaboration with a dedicated team of Red Team operators is paramount, including active participation in daily meetings to define attack objectives and chart the operational direction. A significant part of your role will involve analyzing, developing, and exploiting N-day and newly released zero-day vulnerabilities that are relevant to our clients' environments. You will also be tasked with identifying novel attack vectors through black-box evaluations of customer web applications, aiming to achieve initial access or expose sensitive data. Furthermore, you will cultivate and maintain strong, positive relationships with clients, developing a deep understanding of their business operations and specific security needs. Engaging with the broader security community by participating in industry conferences and professional organizations is also encouraged, fostering knowledge exchange and professional development.
• • You will create additional value for clients by providing continuous insights and consultative advice, drawing upon your extensive experience with their specific environments, industry trends, established security standards, and leading practices. Translating complex technical concepts into clear, understandable language for non-security personnel is a crucial skill. You will also have the opportunity to mentor and coach junior staff, fostering their growth, encouraging project contributions, and promoting a culture of knowledge sharing within the team. Meeting stringent professional practice standards and demonstrating exceptional skill in core service areas will be key to your success in this role.