Summary
Join Thoropass as a Junior Penetration Tester and contribute to delivering penetration tests to our customers. You will conduct various types of penetration tests, develop countermeasures, and present detailed reports. This player-coach role involves mentoring junior team members and contributing to the automation of the penetration testing process. The ideal candidate possesses strong technical expertise in penetration testing, excellent communication skills, and a passion for solving complex security challenges. Thoropass offers a competitive salary, exceptional healthcare, equity, remote work, flexible PTO, and other benefits.
Requirements
- 1-2 years in a pentesting / red teaming role
- Deep technical expertise in network pentesting, web app pentesting, AWS pentesting, and API pentesting
- Familiarity with the majority of the following areas: Android pentesting, iOS pentesting, cloud pentesting, OSINT, exploit development, IoT pentesting, Web3 security review, secure code review - white box pentesting
- At least 1 of the following certifications: Burp Suite Certified Practitioner, OSCP or PWPT
- Knowledge of current attack methods, manual penetration testing techniques, and popular hacking tools (e.g., Nessus, Nmap, Kali Linux, Burp Suite Pro)
- Experience with Hack the Box, Portswigger Academy, or similar learning platforms
- Proficient scripting skills in bash, Python, or similar languages
- Fluency in English, with exceptional verbal & written communication. You're able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner
- Strong project management skills with experience working with cross-functional teams and influencing stakeholders at all levels of the organization
Responsibilities
- Deliver Penetration Testing Engagements
  - Conduct web, network, mobile and API penetration tests with automated and manual testing, using black box or gray box testing methods
  - Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios
  - Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps
  - Employ innovative thinking to overcome security protection mechanisms, craft proof-of-concept code, and exploit business logic
  - Present detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed
- Build Penetration Testing Function
  - Identify recurring issues and contribute to the automation of the penetration testing process, enabling scalability and expansion
  - Share your expertise through regular internal knowledge-sharing sessions, maintaining comprehensive documentation, and educating technical staff on security protocols
  - Serve as a trusted expert in the offensive security field, staying up-to-date with the latest trends and best practices
  - Collaborate cross-functionally with the Customer Success team and Sales & Marketing team to hit revenue goals and deliver the best customer experience
Preferred Qualifications
Familiarity with programming languages such as C/C++, Java, .NET, Python, and manual source code analysis
Benefits
- Competitive base salary
- Exceptional private healthcare
- Early equity in a fast-growing company
- Work-from-home model
- Flexible PTO
- Home office equipment
- Monthly wellness and home Wi-Fi stipend