Associate Penetration Tester

Rhino Security Labs is a boutique security assessment and penetration testing firm, focused exclusively on providing the best offensive security engagements to our clients. For the security layman, we research, develop, and utilize highly technical attacks to identify security weaknesses in client corporate environments - before malicious attackers find them.

Our assessment team is a specialized group of security engineers and penetration testers, with technologies ranging from traditional networks and web/mobile applications to complex cloud environments. All of these assessments are driven by the team’s research and development initiatives.

Culturally, we are a high-energy, technical group of hackers and builders who love what we do - whether researching new security vulnerabilities, developing new tools, or just automating internal tasks. We prioritize (and invest in) constant education, research, and pushing the envelope with technology.

As part of our forward-looking approach, Rhino is actively integrating modern AI techniques (LLM-powered workflows, RAG-based internal documentation, AI-assisted exploit generation, etc) into every aspect of our business, and investing in the teams AI skillset.
For more information on us and what to expect, check out Rhino’s Company Principles.

The ideal Associate Penetration Tester candidate is an excellent communicator, team player, and passionate about information security. They will have a demonstrated experience in a penetration testing / other security role, or equivalent knowledge through an educational program.

The candidate will be well-versed in technical security concepts and security testing practices. They must be comfortable with a fast-paced startup culture with rapidly changing priorities, ensuring the success of client security projects.

Success in this role requires taking the initiative, learning quickly, and being adaptable to new and changing situations. Expect to be constantly learning here - new vulnerabilities, exploits, tools, application languages, and research initiatives.

As part of the penetration testing team, you will be planning and executing security tests on a range of targets - internal and external networks, web applications, mobile applications, APIs, AWS cloud environments, IoT devices and more.

Well-rounded knowledge of operating systems, networks, and scripting (Python in particular) are key. Basic application security knowledge is expected, and AWS familiarity a strong plus.

Research is critical to Rhino’s continued success. You will have both the opportunity - and responsibility - to contribute original security research, such as developing new tools and identifying zeroday vulnerabilities. Extensive team support and education is available in support of these goals.

As an Associate Penetration Tester, you’ll be an essential part of Rhino’s penetration testing team, involved not just in security assessments, but the groundbreaking security research those assessments rely on.

• Execute penetration tests and security assessments alone or as part of a team, including internal/external networks, web and mobile applications, Windows and Linux environments, AWS architecture and more.
• Create assessment documentation and reports, clearly identifying vulnerabilities and associated remediation steps.
• Develop tools and scripts to automate and improve current pentesting processes
• Conduct new security research and work with others to develop blog posts on findings
• Actively continue education and technical skill development, improving security capabilities
• Evaluate and integrate AI/ML tooling (LLM-based code review, vulnerability discovery, report tooling) into day-to-day testing.

• Strong communication skills, written and verbal
• Comfortable with basic application security testing and common vulnerabilities
• Comfortable with scripting/automation (Python preferred)
• Basic IT skills across a range of technologies, including Linux and computer networking (TCP/IP, SSH, HTTP, DNS, etc)
• Strong ability and drive to learn and develop technical security skills
• Familiarity with AI productivity tooling (ChatGPT or equivalent) and an ability to engineer prompts for accurate, reproducible results.
  

• Application development experience (Python preferred)
• Basic Experience with bug bounties or independent security research
• Basic Windows/Linux administration, network administration, or IT support
• Experience in security engineering, application security, or related field
• Experience with common security testing tools (Burpsuite, Nessus, Pacu, Hashcat, SQLMap, Bloodhound, etc)
• Hands-on Experience with OpenAI APIs, Retrieval-Augmented Generation (RAG), MCP, LangChain, and other AI tooling
• Understanding of adversarial ML concepts and how model weaknesses can translate to real-world security risks.

• Full Health Benefits - fully covered Medical / Dental / Vision
• Quarterly bonus of 5-15% annual salary, based on company and individual performance
• Annual Training stipend of $2,500 for all pentesters (with extra available for high impact courses)
• Regular Research and Development opportunities (with bonus structure for all published research)
• 3 weeks of Paid Time Off (in addition to 13 paid Holidays)
• Company retreats and team-building activities, both remote and in-person

Salary : $3