Associate Penetration Tester
7 days ago
Rhino Security Labs is a boutique security assessment and penetration testing firm, focused exclusively on providing the best offensive security engagements to our clients. For the security layman, we research, develop, and utilize highly technical attacks to identify security weaknesses in client corporate environments - before malicious attackers find them.
Our assessment team is a specialized group of security engineers and penetration testers, with technologies ranging from traditional networks and web/mobile applications to complex cloud environments. All of these assessments are driven by the team's research and development initiatives.
Culturally, we are a high-energy, technical group of hackers and builders who love what we do - whether researching new security vulnerabilities, developing new tools, or just automating internal tasks. We prioritize (and invest in) constant education, research, and pushing the envelope with technology.
As part of our forward-looking approach, Rhino is actively integrating modern AI techniques (LLM-powered workflows, RAG-based internal documentation, AI-assisted exploit generation, etc) into every aspect of our business, and investing in the teams AI skillset.
For more information on us and what to expect, check out Rhino's Company Principles.
Job Description
The ideal Associate Penetration Tester candidate is an excellent communicator, team player, and passionate about information security. They will have a demonstrated experience in a penetration testing / other security role, or equivalent knowledge through an educational program.
The candidate will be well-versed in technical security concepts and security testing practices. They must be comfortable with a fast-paced startup culture with rapidly changing priorities, ensuring the success of client security projects.
Success in this role requires taking the initiative, learning quickly, and being adaptable to new and changing situations. Expect to be constantly learning here - new vulnerabilities, exploits, tools, application languages, and research initiatives.
As part of the penetration testing team, you will be planning and executing security tests on a range of targets - internal and external networks, web applications, mobile applications, APIs, AWS cloud environments, IoT devices and more.
Well-rounded knowledge of operating systems, networks, and scripting (Python in particular) are key. Basic application security knowledge is expected, and AWS familiarity a strong plus.
Research is critical to Rhino's continued success. You will have both the opportunity - and responsibility - to contribute original security research, such as developing new tools and identifying zeroday vulnerabilities. Extensive team support and education is available in support of these goals.
As an Associate Penetration Tester, you'll be an essential part of Rhino's penetration testing team, involved not just in security assessments, but the groundbreaking security research those assessments rely on.
Responsibilities
- Execute penetration tests and security assessments alone or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, AWS architecture and more.
- Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
- Develop tools and scripts to automate and improve current pentesting processes
- Conduct new security research and work with others to develop blog posts on findings
- Actively continue education and technical skill development, improving security capabilities
- Evaluate and integrate AI/ML tooling (LLM-based code review, vulnerability discovery, report tooling) into day-to-day testing.
Basic Qualifications
- Strong communication skills, written and verbal
- Comfortable with basic application security testing and common vulnerabilities
- Comfortable with scripting/automation (Python preferred)
- Basic IT skills across a range of technologies, including Linux and computer networking (TCP/IP, SSH, HTTP, DNS, etc)
- Strong ability and drive to learn and develop technical security skills
- Familiarity with AI productivity tooling (ChatGPT or equivalent) and an ability to engineer prompts for accurate, reproducible results.
- Application development experience (Python preferred)
- Basic Experience with bug bounties or independent security research
- Basic Windows/Linux administration, network administration, or IT support
- Experience in security engineering, application security, or related field
- Experience with common security testing tools (Burpsuite, Nessus, Pacu, Hashcat, SQLMap, Bloodhound, etc)
- Hands-on Experience with OpenAI APIs, Retrieval-Augmented Generation (RAG), MCP, LangChain, and other AI tooling
- Understanding of adversarial ML concepts and how model weaknesses can translate to real-world security risks.
- Full Health Benefits - fully covered Medical / Dental / Vision
- Quarterly bonus of 5-15% annual salary, based on company and individual performance
- Annual Training stipend of $2,500 for all pentesters (with extra available for high impact courses)
- Regular Research and Development opportunities (with bonus structure for all published research)
- 3 weeks of Paid Time Off (in addition to 13 paid Holidays)
- Company retreats and team-building activities, both remote and in-person
-
Seattle, WA, United States Tik Tok Full timeResponsibilities About the Team The USDS Offensive Security and Privacy serves as the Independent Testing and Validation pillar for USDS. The team performs cyber threat simulations within the TikTok USDS environment to proactively identify vulnerabilities, misconfigurations and defense gaps. They do so by analyzing the organization's attack surface, which...
-
Seattle, WA, United States Tik Tok Full timeResponsibilities About the Team The USDS Offensive Security and Privacy serves as the Independent Testing and Validation pillar for USDS. The team performs cyber threat simulations within the TikTok USDS environment to proactively identify vulnerabilities, misconfigurations and defense gaps. They do so by analyzing the organization's attack surface, which...
-
Penetration Tester, Offensive Security Operations
14 hours ago
Seattle, WA, United States Tik Tok Full timeResponsibilities About the Team The USDS Offensive Security and Privacy serves as the Independent Testing and Validation pillar for USDS. The team performs cyber threat simulations within the TikTok USDS environment to proactively identify vulnerabilities, misconfigurations and defense gaps. They do so by analyzing the organization's attack surface, which...
-
Seattle, WA, United States KPMG Full timeKPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth...
-
Seattle, WA, United States KPMG Full timeKPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth...
-
Security Application Engineer-Need GC and USC
2 weeks ago
Seattle, WA, United States USM Full timeSecurity Application Engineer The security team is seeking an enthusiastic Security Application tester who will test applications for security compliance. The successful candidate will have experience with Enterprise Applications and Information Security. The scope of applications to be tested are software that are used to run the business, not software...
-
Security Application Engineer-Need GC and USC
2 weeks ago
Seattle, WA, United States USM Full timeSecurity Application Engineer The security team is seeking an enthusiastic Security Application tester who will test applications for security compliance. The successful candidate will have experience with Enterprise Applications and Information Security. The scope of applications to be tested are software that are used to run the business, not software...
-
Journeyman Motor Winder
7 days ago
Seattle, WA, United States Madden Industrial Craftsmen Full timeWe have a client seeking an experienced and skilled Journeyman Motor Winder to join their (IBEW/Union) team. The ideal candidate will be responsible for the inspection, rewinding, and repair of various AC and DC electric motors, generators, and related rotating equipment. $47.00 per hour (or current IBEW/Union rate at time of hire) This position requires a...
-
Journeyman Motor Winder
3 days ago
Seattle, WA, United States Madden Industrial Craftsmen Full timeWe have a client seeking an experienced and skilled Journeyman Motor Winder to join their (IBEW/Union) team. The ideal candidate will be responsible for the inspection, rewinding, and repair of various AC and DC electric motors, generators, and related rotating equipment. $47.00 per hour (or current IBEW/Union rate at time of hire) This position requires a...
-
Senior Adaptive Threat Replication Engineer
2 weeks ago
Seattle, WA, United States Bank of America Full timeSenior Adaptive Threat Replication Engineer Denver, Colorado;Seattle, Washington; Addison, Texas; Richmond, Virginia; Jersey City, New Jersey; Boston, Massachusetts; Charlotte, North Carolina; Washington, District of Columbia; Jacksonville, Florida; Chicago, Illinois To proceed with your application, you must be at least 18 years of age. Acknowledge Refer a...
