Junior Penetration Tester

Working at Thoropass

At Thoropass, we are revolutionizing the compliance and audit industry by integrating cutting-edge AI technology with expert human insight. Our team is dedicated to delivering exceptional customer experiences and high-quality outcomes.

We’re driven by our mission to build a world that’s safer for consumers and ensuring compliance is never a blocker to innovation. By bringing together remarkably talented individuals, we’re looking to help the industry see compliance as an advantage. Join us as we collaborate to establish our platform as the world's leading choice for compliance and audit solutions.

Our Values 

These are the behaviors and skills we look for in our people. Living by these values ensures we are building a team that can grow together and deliver the best possible outcomes for each other and our customers.

• Take thoughtful risk: We solve for today while being considerate of tomorrow—creatively leveraging our tools and abilities to hit ambitious goals.
• Be curious, ask, and learn: We always seek to better understand our industry and our customers. We don’t shy away from mistakes—using every bit of data to learn and iterate.
• Win together: Compliance is a team sport. We proactively engage with one another and check our egos at the door in search of the best ideas.
• Move the needle: Our goals are lofty for a reason. We set clear expectations, give direct feedback, and challenge ourselves to close the gap between those goals and results.

What We Do

Thoropass is transforming the landscape of security compliance and audits. As the only all-in-one platform that combines compliance automation software with a tech-enabled audit firm and pentest services, we offer a modern approach to information security compliance and audit. Our AI-powered solutions, such as First Pass AI, are designed to streamline compliance and accelerate audits for frameworks like SOC, PCI, ISO, HITRUST, HIPAA, and more. Thousands of companies trust Thoropass for high-quality audit and assessment services, delighting in a truly differentiated experience.

Founded in 2019 and headquartered in New York, Thoropass has rapidly expanded with $97M in funding from top investors including J.P. Morgan, PayPal Ventures, Fin Capital, Centana, Canapi, and Bain Capital. We operate as a virtual, global company with a presence in over 18 countries. With substantial growth in both customers and revenue, we are strategically positioned for continued expansion in 2025 and beyond.

About the Role

We are looking for a Junior Penetration Tester to join the security team at Thoropass. You will work alongside senior testers to deliver penetration tests for our customers, covering web applications, APIs, mobile, and networks.

This is a hands-on role where you will spend most of your time testing, learning, and improving your craft. You will receive mentorship and guidance on methodology, reporting, and client communication. Over time, as you develop your skills, you will take on more complex engagements and greater autonomy.

About You

• If you are early in your offensive security career, passionate about finding vulnerabilities, and eager to grow in a fast-paced environment, this role is a great fit.
• You think like an attacker. You enjoy digging into applications and systems to find what others miss, and you get excited when you discover a way to chain small issues into something bigger.
• You are curious and self-driven. You spend time in labs, CTFs, or bug bounty platforms not because someone told you to, but because you want to get better. You are always looking for new techniques, tools, and vulnerability classes to add to your toolkit.
• You are comfortable with AI assisted workflows. You know how to use AI tools to speed up your work while understanding when to trust the output and when to verify manually. You are also curious about how AI features introduce new attack surfaces.

What You'll Do

Deliver Penetration Testing Engagements

• Perform web application, API, mobile, cloud and network penetration tests using both AI tools and manual techniques, following established methodologies based on OWASP Testing Guide and internal playbooks.
• Use AI assisted tools as part of your testing workflow for tasks like reconnaissance, payload generation, and initial triage, while validating results manually and understanding the limitations of automated output.
• Document findings clearly and accurately, including steps to reproduce, evidence (screenshots, request/response pairs), risk ratings, and remediation recommendations.
• Contribute to improving internal templates, checklists, and documentation as you gain experience and notice areas for improvement.
• Assist senior testers with scoping calls and pre-engagement preparation when needed.

Skillsets/ Requirements

• 1 to 3 years of experience in penetration testing, vulnerability assessment, or a closely related offensive security role. Internships, freelance work, and bug bounty experience count.
• At least 1 of the following certifications: BSCP or OSCP. 
• Foundational understanding of web application security concepts, including the OWASP Top 10, common authentication and session management flaws, and injection vulnerabilities.
• Willingness to use AI tools in your workflow and a basic understanding of how to validate AI generated output rather than blindly trusting it.
• Demonstrated passion for security through self-study, lab work, CTF participation, bug bounty programs, personal projects, or relevant coursework.
• Any published security research, responsible disclosures, blog posts, or conference talks, regardless of how small.

• Fluency in English, with professional verbal & written communication. You’re able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner. 

What We Offer

• A structured growth path from junior to mid-level pentester with clear milestones and regular feedback.
• Mentorship from experienced offensive security professionals.
• Budget for training, certifications, and conferences to support your professional development.

LATAM Compensation:

• Competitive base salary
• Exceptional private healthcare
• Early equity in a fast-growing company
• Work-from-home model
• Flexible PTO
• Company-provided laptop
• Monthly wellness and home Wi-Fi stipend