[Hiring] Junior Penetration Tester @Thoropass

Role Description

We are looking for a Junior Penetration Tester to join the security team at Thoropass. You will work alongside senior testers to deliver penetration tests for our customers, covering web applications, APIs, mobile, and networks.

This is a hands-on role where you will spend most of your time testing, learning, and improving your craft. You will receive mentorship and guidance on methodology, reporting, and client communication. Over time, as you develop your skills, you will take on more complex engagements and greater autonomy.

Qualifications

• 1 to 3 years of experience in penetration testing, vulnerability assessment, or a closely related offensive security role. Internships, freelance work, and bug bounty experience count.
• At least 1 of the following certifications: BSCP or OSCP.
• Foundational understanding of web application security concepts, including the OWASP Top 10, common authentication and session management flaws, and injection vulnerabilities.
• Willingness to use AI tools in your workflow and a basic understanding of how to validate AI generated output rather than blindly trusting it.
• Demonstrated passion for security through self-study, lab work, CTF participation, bug bounty programs, personal projects, or relevant coursework.
• Any published security research, responsible disclosures, blog posts, or conference talks, regardless of how small.
• Fluency in English, with professional verbal & written communication. You’re able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner.

Requirements

• Deliver Penetration Testing Engagements
• Perform web application, API, mobile, cloud and network penetration tests using both AI tools and manual techniques, following established methodologies based on OWASP Testing Guide and internal playbooks.
• Use AI assisted tools as part of your testing workflow for tasks like reconnaissance, payload generation, and initial triage, while validating results manually and understanding the limitations of automated output.
• Document findings clearly and accurately, including steps to reproduce, evidence (screenshots, request/response pairs), risk ratings, and remediation recommendations.
• Contribute to improving internal templates, checklists, and documentation as you gain experience and notice areas for improvement.
• Assist senior testers with scoping calls and pre-engagement preparation when needed.

Benefits

• A structured growth path from junior to mid-level pentester with clear milestones and regular feedback.
• Mentorship from experienced offensive security professionals.
• Budget for training, certifications, and conferences to support your professional development.
• Competitive base salary.
• Exceptional private healthcare.
• Early equity in a fast-growing company.
• Work-from-home model.
• Flexible PTO.
• Company-provided laptop.
• Monthly wellness and home Wi-Fi stipend.