Rapid7 Penetration Tester - InfoSec 

United Kingdom, Northern Ireland, Belfast 

729335146

About the Role
As a Penetration Tester on our InfoSec team, you'll play a crucial part in strengthening our organization’s Information Security by focusing on web application penetration testing. You will contribute to enhancing our ability to identify, assess, and mitigate vulnerabilities within web applications, improving our overall security posture. Your responsibilities will include running targeted penetration tests, simulating adversarial tactics, and collaborating with both development teams and defensive security counterparts to address vulnerabilities.

In this role, you will:

• Perform web/API/mobile/code review/thick client application penetration testing and other testing where appropriate and as required (such as network, cloud, IoT);

• Perform vulnerability/attack surface assessments and provide findings with remediation actions to leadership and device/software owners;

• Provide well-written, concise, technical and non-technical reports in English;

• Coordinate with development and engineering teams on remediating vulnerabilities;

• Partner with our Security Operations Center (SOC) / Threat Hunt Team to operationalize new detection concepts

• Coach and mentor team members where appropriate;

• Perform any other appropriate job duties in line with the associated skill and experience of the post holder.

The skills you’ll bring include:

• Ideally 2-4 years of experience as a Web Application Penetration Tester with industry recognised security certifications (OSWE, CCT APP);

• Proven industry experience with offensive security tools (such as Burp Suite, Postman, SAST/DAST tooling);

• Strong understanding of OWASP and MITRE ATT&CK framework;

• Demonstrable knowledge of how modern applications are designed and deployed across different platforms and how to abuse workflow logic;

• Ability to program or script in your preferred language;

• Experience leading web application penetration testing projects and acting as a lead technical point of contact;

• Capable of working independently with minimal supervision

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever’s next.