Mid Pentester na Thoropass

At Thoropass, we are revolutionizing the compliance and audit industry by integrating cutting‑edge AI technology with expert human insight. The company offers an all‑in‑one platform combining compliance automation software, a tech‑enabled audit firm and pentest services. Thoropass was founded in 2019, headquartered in New York, and has raised $97M in funding. This role is a Mid Penetration Tester responsible for delivering web, network, mobile and API penetration tests, developing countermeasures, presenting reports, and building the penetration testing function.

Requirements

Experience

3-5+ years in pentesting/red teaming role

Skills

Network penetration testing
Web application penetration testing
AWS penetration testing
API penetration testing
Android penetration testing
iOS penetration testing
Cloud penetration testing
OSINT
Exploit development
IoT penetration testing
Web3 security review
Secure code review
Black box testing
Gray box testing
Manual penetration testing
Automated penetration testing
Bash scripting
Python scripting
Project management
Cross-functional collaboration
Stakeholder communication

Languages

English

Certifications

Burp Suite Certified Practitioner
OSCP
PWPT

Responsibilities

Conduct web, network, mobile and API penetration tests with automated and manual testing, using black box or gray box testing methods.
Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios.
Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps.
Employ innovative thinking to overcome security protection mechanisms, craft proof‑of‑concept code, and exploit business logic.
Present detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed.
Identify recurring issues and contribute to the automation of the penetration testing process, enabling scalability and expansion.
Share your expertise through regular internal knowledge‑sharing sessions, maintaining comprehensive documentation, and educating technical staff on security protocols.
Serve as a trusted expert in the offensive security field, staying up‑to‑date with the latest trends and best practices.
Collaborate cross‑functionally with the Customer Success team and Sales & Marketing team to hit revenue goals and deliver the best customer experience.

Technologies

Burp SuiteNessusNmapKali LinuxPythonBashAWSAndroidiOSCloudOSINTExploit development

Descubra se seu currículo está pronto para esta vaga

Veja como nossa IA pode otimizar seu currículo e aumentar suas chances de conseguir esta posição.