Penetration Testing Manager

Working at Thoropass

At Thoropass, we are revolutionizing the compliance and audit industry by integrating cutting-edge AI technology with expert human insight. Our team is dedicated to delivering

exceptional customer experiences and high-quality outcomes.

We’re driven by our mission to build a world that’s safer for consumers and ensuring compliance is never a blocker to innovation. By bringing together remarkably talented individuals, we’re looking to help the industry see compliance as an advantage. Join us as we collaborate to establish our platform as the world's leading choice for compliance and audit solutions.

Our Values 

These are the behaviors and skills we look for in our people. Living by these values ensures we are building a team that can grow together and deliver the best possible outcomes for each other and our customers.

Take thoughtful risk: We solve for today while being considerate of tomorrow—creatively leveraging our tools and abilities to hit ambitious goals.

Be curious, ask, and learn: We always seek to better understand our industry and our customers. We don’t shy away from mistakes—using every bit of data to learn and iterate.

Win together: Compliance is a team sport. We proactively engage with one another and check our egos at the door in search of the best ideas.

Move the needle: Our goals are lofty for a reason. We set clear expectations, give direct feedback, and challenge ourselves to close the gap between those goals and results.

What We Do

Thoropass is transforming the landscape of security compliance and audits. As the only all-in-one platform that combines compliance automation software with a tech-enabled audit firm and pentest services, we offer a modern approach to information security compliance and audit. Our AI-powered solutions, such as First Pass AI, are designed to streamline compliance and accelerate audits for frameworks like SOC, PCI, ISO, HITRUST, HIPAA, and more. Thousands of companies trust Thoropass for high-quality audit and assessment services, delighting in a truly differentiated experience.

Founded in 2019 and headquartered in New York, Thoropass has rapidly expanded with $97M in funding from top investors including J.P. Morgan, PayPal Ventures, Fin Capital, Centana, Canapi, and Bain Capital. We operate as a virtual, global company with a presence in over 18 countries. With substantial growth in both customers and revenue, we are strategically positioned for continued expansion in 2025 and beyond.

About the Role

We are looking for a Penetration Testing Manager to lead and mentor a sub-team of 4–5 pentesters within the Thoropass penetration testing organization. This is a player-coach position: you will perform hands-on pentests while ensuring your team stays motivated, on track, and consistently delivers high-quality results.

You’ll be part of a broader management structure with other Pentest Managers, working closely together to align methodologies, maintain consistency, and drive operational excellence across all teams. The ideal candidate combines strong technical expertise with people leadership skills, thrives in a collaborative environment, and enjoys developing others while still staying technically sharp.

About You

• You have experience leading technical teams and understand how to motivate, mentor, and empower others.
• You are hands-on and comfortable switching between performing pentests and managing people.
• You thrive in fast-paced environments where structure and processes are actively evolving.
• You set high standards for quality, lead by example, and bring a collaborative mindset to team leadership.

What You'll Do

• Lead and manage a Pentest team of 4–5 pentesters, providing technical guidance, feedback, and professional development support.
• Ensure all assigned engagements are delivered on time, within scope, and aligned with Thoropass standards.
• Conduct 1:1s, coaching sessions, and technical reviews to maintain motivation, quality, and team engagement.
• Collaborate with other Pentest Managers to balance workloads, share best practices, and standardize delivery processes.
• Partner with leadership to continuously improve internal operations, delivery frameworks, and team morale.

Deliver Penetration Testing Engagements

• Conduct web, network, and API penetration tests with automated and manual testing, using black box, gray box or white box testing methods.
• Identify and exploit vulnerabilities to simulate realistic attack paths and demonstrate business impact.
• Produce detailed, customer-facing reports with actionable remediation guidance, written in clear and professional English.
• Stay current with modern attack techniques and tools, ensuring your work and your team’s work remain technically strong.

Enhance Penetration Testing Function

• Help scale the pentest program through improved workflows, templates, and automation.
• Lead internal knowledge-sharing sessions and encourage a culture of continuous learning.
• Collaborate cross-functionally with Customer Success, Sales, and Operations to ensure seamless customer delivery.
• Support hiring, onboarding, and training as the pentest function expands.

Skillsets/ Requirements

•  5–8+ years in pentesting or red teaming, including 1+ year of people management experience.
• Prior experience mentoring or managing security professionals.
• Strong technical expertise in web application, API, mobile, and network penetration testing. 
• At least 1 of the following certifications: OSCP, OSCE, OSWE, PWPT, Burp Suite Certified Practitioner. 
• Knowledge of current attack methods, manual penetration testing techniques, and popular hacking tools (e.g., Nessus, Nmap, Metasploit, Kali Linux, IDA PRO, Burp Suite Pro, OWASP ZAP).

• Proficient scripting skills in bash, Python, or similar languages.
• Fluency in English, with exceptional verbal & written communication. You’re able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner. 
• Strong sense of operational ownership: able to balance delivery speed, quality, and customer satisfaction.

Bonus Points

• Contributions to the security community, such as conference talks, blog posts, open-source projects, or CVE discoveries.
• Knowledge of compliance frameworks that often require pentesting (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA).
• Experience working with cross-functional teams (Sales, Customer Success, Engineering) to scope, plan, or deliver pentests.
• Participation in bug bounty programs or vulnerability research initiatives.
• Experience with AI/LLM security testing and cloud environments such as AWS is a plus.
• Experience with Hack the Box, Portswigger Academy, or similar learning platforms.   

LATAM Compensation:

• Competitive base salary
• Exceptional private healthcare
• Early equity in a fast-growing company
• Work-from-home model
• Flexible PTO
• Home office equipment
• Monthly wellness and home Wi-Fi stipend

Equal Opportunity

Thoropass provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

---

Even if you feel you don’t meet every requirement, consider applying! Thoropass acknowledges the research which shows that women and people of color are less likely to apply for jobs when they don’t meet all of the stated qualifications. However, we’re looking for authentic innovators to blaze new trails and you just may be the right person for this or another role.