Mid Pentester at Thoropass

Apply
More jobs at Thoropass

At Thoropass, we are revolutionizing the compliance and audit industry by integrating cutting‑edge AI technology with expert human insight. The company offers an all‑in‑one platform combining compliance automation software, a tech‑enabled audit firm and pentest services. Thoropass was founded in 2019, headquartered in New York, and has raised $97M in funding. This role is a Mid Penetration Tester responsible for delivering web, network, mobile and API penetration tests, developing countermeasures, presenting reports, and building the penetration testing function.

Requirements

Experience

  • 3-5+ years in pentesting/red teaming role

Skills

  • Network penetration testing
  • Web application penetration testing
  • AWS penetration testing
  • API penetration testing
  • Android penetration testing
  • iOS penetration testing
  • Cloud penetration testing
  • OSINT
  • Exploit development
  • IoT penetration testing
  • Web3 security review
  • Secure code review
  • Black box testing
  • Gray box testing
  • Manual penetration testing
  • Automated penetration testing
  • Bash scripting
  • Python scripting
  • Project management
  • Cross-functional collaboration
  • Stakeholder communication

Languages

  • English

Certifications

  • Burp Suite Certified Practitioner
  • OSCP
  • PWPT

Responsibilities

  • Conduct web, network, mobile and API penetration tests with automated and manual testing, using black box or gray box testing methods.
  • Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios.
  • Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps.
  • Employ innovative thinking to overcome security protection mechanisms, craft proof‑of‑concept code, and exploit business logic.
  • Present detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed.
  • Identify recurring issues and contribute to the automation of the penetration testing process, enabling scalability and expansion.
  • Share your expertise through regular internal knowledge‑sharing sessions, maintaining comprehensive documentation, and educating technical staff on security protocols.
  • Serve as a trusted expert in the offensive security field, staying up‑to‑date with the latest trends and best practices.
  • Collaborate cross‑functionally with the Customer Success team and Sales & Marketing team to hit revenue goals and deliver the best customer experience.

Technologies

Burp SuiteNessusNmapKali LinuxPythonBashAWSAndroidiOSCloudOSINTExploit development

Share job

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.