Junior Penetration Tester
LatAm (Remote)
Thoropass
Working at Thoropass
Thoropass makes it as easy to do the right thing as it is to check a box. Our team members believe that partnership lightens the load. Not everyone can be an expert at everything – lending each other support in areas of weakness strengthens everyone’s offering. We collaborate openly and enthusiastically; without ego.
What We Do
At Thoropass, we’re compliance experts so you don’t have to be. Pairing easy software that’s always getting smarter with expert guidance and continuous monitoring, we integrate into your process to prepare you to pass any audit, every year, with flying colors. Hundreds of growing companies use Thoropass’s compliance automation platform, expert services, auditors and partner ecosystem to get and stay compliant over the lifetime of their business. We offer SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HITRUST, and other infosec and privacy frameworks.
We are a rapidly expanding team based in New York. We were founded in May 2019 and raised our Series C funding in November 2022. Our top investors include: J.P. Morgan, PayPal Ventures, Fin Capital, Centana, and Bain Capital. We're growing customers and revenue dramatically and we’re poised for continued break-out growth in 2023 and beyond.
About the Role
We are looking for a Junior Penetration Tester to deliver penetration tests to Thoropass customers, including vulnerability assessments, web app pentests, and API pentests.
The ideal candidate will be equal-parts penetration tester, strategic thinker, and operational doer with a passion for solving complex challenges and delivering measurable impact for our company and customers.
What You'll Do
Deliver Penetration Testing Engagements
- Conduct web and API penetration tests with automated and manual testing, using black box or gray box testing methods.
- Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios.
- Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps.
- Employ innovative thinking to overcome security protection mechanisms, craft proof-of-concept code, and exploit business logic.
- Create detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed.
About You
- You adopt the mindset of an attacker, delving deep to identify potential vulnerabilities and attack vectors.
- You exhibit great judgment and sharp technical instincts that allow you to differentiate essential versus nice-to-have and to make good choices about trade-offs.
- Hungry, humble, scrappy, and will thrive in fast-paced environments and manage multiple priorities simultaneously.
Skillsets/ Requirements
- 1-3+ years in a pentesting / red teaming role.
- Familiarity with web app pentesting and API pentesting.
- At least 1 of the following certifications: eWPT, CEH, PenTest+, eJPT, Burp Suite Certified Practitioner, or equivalent.
- Knowledge of current attack methods, manual penetration testing techniques, and popular hacking tools (e.g., Nessus, Nmap, Metasploit, Kali Linux, Burp Suite Pro, OWASP ZAP).
- Experience with Hack the Box, Portswigger Academy, or similar learning platforms.
- Fluency in English, with exceptional verbal & written communication. You’re able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner.
- Project management skills with experience working with cross-functional teams.
Bonus Points
- Familiarity with programming languages such as Python and Javascript.
Compensation:
- Competitive base salary
- Exceptional private healthcare
- Early equity in a fast-growing company
- Work-from-home model
- Unlimited PTO
- Home office equipment
- Monthly wellness and home Wi-Fi stipend
Equal Opportunity
Thoropass provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Even if you feel you don’t meet every requirement, consider applying! Thoropass acknowledges the research which shows that women and people of color are less likely to apply for jobs when they don’t meet all of the stated qualifications. However, we’re looking for authentic innovators to blaze new trails and you just may be the right person for this or another role.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Automation Black box Burp Suite C CEH Compliance eWPT Exploit GDPR HIPAA HITRUST ISO 27001 JavaScript Kali Linux Metasploit Monitoring Nessus Nmap OWASP PCI DSS Pentesting Privacy Python Red team SOC SOC 2 Vulnerabilities
Perks/benefits: Career development Competitive pay Equity Gear Home office stipend Salary bonus Unlimited paid time off Wellness
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs