Mid Pentester

Thoropass
Summary
Join Thoropass, a company revolutionizing compliance and audit with AI, as a Mid Penetration Tester. Deliver penetration tests to customers, encompassing vulnerability assessments and various pentests. This player-coach role involves creating customer-facing pentest reports and mentoring junior team members. The ideal candidate possesses strong technical skills, strategic thinking, and operational capabilities. Thoropass offers a competitive salary, exceptional healthcare, equity, remote work, flexible PTO, and other benefits. The company values thoughtful risk-taking, curiosity, teamwork, and achieving ambitious goals. Thoropass is a fast-growing, virtual global company with a presence in over 18 countries.
Requirements
- 3-5+ years in a pentesting / red teaming role
- Deep technical expertise in network pentesting, web app pentesting, AWS pentesting, and API pentesting
- Familiarity with the majority of the following areas: Android pentesting, iOS pentesting, cloud pentesting, OSINT, exploit development, IoT pentesting, Web3 security review, secure code review - white box pentesting
- At least 1 of the following certifications: Burp Suite Certified Practitioner, OSCP, or PWPT
- Knowledge of current attack methods, manual penetration testing techniques, and popular hacking tools (e.g., Nessus, Nmap, Kali Linux, Burp Suite Pro)
- Experience with Hack the Box, PortSwigger Academy, or similar learning platforms
- Proficient scripting skills in bash, Python, or similar languages
- Fluency in English, with exceptional verbal & written communication. You're able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner
- Strong project management skills with experience working with cross-functional teams and influencing stakeholders at all levels of the organization
Responsibilities
- Deliver Penetration Testing Engagements
  - Conduct web, network, mobile and API penetration tests with automated and manual testing, using black box or gray box testing methods
  - Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios
  - Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps
  - Employ innovative thinking to overcome security protection mechanisms, craft proof-of-concept code, and exploit business logic
  - Present detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed
- Build Penetration Testing Function
  - Identify recurring issues and contribute to the automation of the penetration testing process, enabling scalability and expansion
  - Share your expertise through regular internal knowledge-sharing sessions, maintaining comprehensive documentation, and educating technical staff on security protocols
  - Serve as a trusted expert in the offensive security field, staying up-to-date with the latest trends and best practices
  - Collaborate cross-functionally with the Customer Success team and Sales & Marketing team to hit revenue goals and deliver the best customer experience
Preferred Qualifications
- Familiarity with programming languages such as C/C++, Java, .NET, Python, and manual source code analysis
Benefits
- Competitive base salary
- Exceptional private healthcare
- Early equity in a fast-growing company
- Work-from-home model
- Flexible PTO
- Home office equipment
- Monthly wellness and home Wi-Fi stipend