• Serve as the primary point of contact for Tier 1 and Tier 2 user technical support requests, triaging issues and resolving or escalating as appropriate • Provision user laptops and administer a company-wide Mobile Device Management (MDM) solution • Manage inventory of physical and digital IT assets • Onboard and offboard users by managing access through Google Admin Console and related tools • Collaborate with third-party vendors and internal stakeholders to support rollout, troubleshooting, and updates of SaaS tools • Assist with Third Party Risk Management (TPRM) reviews, including security research and audit report reviews • Support technical implementation of security controls aligned with NIST SP 800-171, such as logging, SIEM, incident response, and configuration management • Assist with triage of security events, log audits, and incident response processes

• Baseline our control library mapped to SOC 2, PCI DSS, and key fintech obligations. • Implement lightweight evidence collection pipelines for top controls such as access reviews, backup tests, vulnerability management, and CI/CD change management. • Complete a security risk register refresh with likelihood and impact ratings, and publish a quarterly risk report. • Lead our next SOC 2 Type II audit cycle end‑to‑end, including auditor coordination, population requests, and walkthroughs. • Roll out a vendor risk management workflow integrated with procurement and Legal, including tiering, due diligence, and continuous monitoring. • Partner with Engineering to define secure SDLC checkpoints and automate evidence from GitHub, CI, and cloud. • Develop an AI/ML risk assessment framework covering model governance, training data privacy, and shadow AI usage across the organization. • Drive PCI DSS certification readiness, including SoA ownership, internal audits, and management review inputs. • Establish KPI/KRIs and dashboards for control effectiveness and risk trends consumed by execs and customers. • Mature incident response playbooks and conduct at least one cross‑functional tabletop with measurable improvements. • Establish AI governance policies and integrate AI risk into the existing risk register, vendor assessments, and compliance monitoring.

• Manage processes and technologies to implement identity lifecycle operations for AI agents and service principals • Administer RBAC and ABAC policies • Manage credentials used by AI agents • Collaborate with product teams to capture use cases • Assist in investigations and incident response involving autonomous AI agents

As a Vector Command Specialist, you will work with a team of offensive security consultants to help clients improve their security posture through your technical skills and knowledge of attack surface management strategies. You will serve as an entry-level technical analyst and customer liaison. You will also work with various Managed Services teams to help deliver monthly reports to customers, address customer needs, and assist with other security consultant deliverables. About the Team Your primary responsibility will be to support Vector Command customers by conducting external attack surface analysis, exposure reconnaissance, account and tool integrations, preparing monthly red team report deliverables, and prioritizing customer requests. You will work daily with Rapid7’s Vector Command Red Team operators, assisting with ongoing red team exercises and staying up to date on the latest vulnerabilities, customer attack surface changes, and exposures within customer environments. About the Role Customer Facing Responsibilities: - Onboard customers to the Vector Command platform and technologies. - Oversee and ensure the completeness of customer report deliverables. - Serve as the primary point of contact for customer inquiries related to testing operations, alerts, or general Vector Command questions associated with Red Team activities. - Coordinate and host monthly Vector Command Red Team update calls in conjunction with a Rapid7 Red Team lead. - Translate technical concepts and communicate them effectively to non-security personnel. - Coordinate communications between internal Rapid7 services on behalf of customers, including the Managed Detection and Response (MDR) and Managed Vulnerability Management (MVM) teams. - Provide monthly written summaries of each customer’s attack surface and Vector Command Red Team operations. Attack Surface Analyst, Internal Red Team: - Analyze each customer’s exposures and attack surface within the Vector Command platform. - Conduct manual network and service reconnaissance to identify new exposures. - Perform Open-Source Intelligence (OSINT) gathering on customers to identify attack surface elements that extend beyond traditional network services. - Keep the Red Team informed of significant changes in customers’ attack surfaces. - Coordinate customer requests and prioritizations with the Red Team operators. - Develop scripts to query and analyze attack surface data from numerous sources and automated systems. - Perform entry level penetration testing activities against external assets, as assigned by the Red Team lead. The skills and qualities you’ll bring include: - 3+ years in an active technical security role. - Excellent written and verbal communication skills. - Previous technical security consulting experience. - Knowledge of modern penetration testing tools and methods. - Knowledge of external attack surface reconnaissance techniques to identify customer’s internet facing exposures. - Strong knowledge of network, web-based application, and IEEE 802.11 security concepts. - Knowledge of Windows/Linux/UNIX internals and the Internet protocol suite. - Experience using scripting languages such as Python and PowerShell - Experience with social engineering techniques and tactics related to reconnaissance and OSINT gathering. - A Bachelor’s degree in Computer Science, MIS, CIS or a related field, or equivalent experience. - Certifications such as GPEN, PJPT, PNPT, CPTS, or OSCP are preferred. - The ability to ask for help. - Be an Advocate: Use excellent written and verbal communication skills to not just report vulnerabilities, but to advocate for the customer's security posture. Focus on "translating technical concepts" so non-security personnel understand the impact on their business. - Strategic Alignment: Position your technical testing (network, web app, API) as a way to scale Rapid7's impact within the Global Services division. - Driving Outcomes over Actions: Instead of just listing "performed technical testing," focus on the outcome: "helping customers remediate and mitigate prevalent threats". Your ability to consistently produce high-quality reports is a direct contribution to successful security outcomes for clients. - Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today. #LI-BD1 #LI-Remote About Rapid7 At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what’s possible and drive extraordinary impact. We’re building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we’re continuing to push the envelope just like we’ ve been doing for the past 20 years. If you ’re ready to solve some of the toughest challenges in cybersecurity, we’re ready to help you take command of your career. Join us. Rapid7, Inc. is committed to fair and equitable compensation practices. A candidate’s salary is determined by various factors including, but not limited to, relevant work experience, skills, and certifications. We evaluate compensation decisions on a case-by-case basis, and it is not typical for an individual to be hired at the very top of the salary range. The salary range for this role in the US is: $89,300.00 - 120,800.00 USD Annual Salary ranges may vary based on geographical location. This range does not include variable/incentive compensation, equity and benefits (where applicable/eligible). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.