Pros
If you're looking to get a foothold in InfoSec then you could do a lot worse. Coming in at the ground level, WhiteHat will train you up and give you a solid foundation in the market. You'll be working in a relaxed and friendly atmosphere with some of the nicest people you'll ever meet. The company has lost its way in the past few years but seems to be slowly getting back on track, and with the constant reshuffles and changes of management at every tier there are plenty of opportunities to progress upwards (to a certain level) if you're prepared, in the words of one senior manager, to "drink the Kool-Aid".
Cons
A recently-departed senior manager once described WhiteHat as the equivalent of an InfoSec university. People get hired here, work for a few years and then "graduate" to other jobs within the industry. And this wasn't even a criticism of the company; this was a senior manager of operations describing the company's modus operandi. And it still stands. Technically our core product is woefully out-of-date and, despite the recent company-wide compensation review, the boots-on-the-ground employees are under-compensated but still expected to devote much of their knowledge to getting to grips with all the "quirks" and issues in the core service. Having been here almost 2 years I've witnessed the constant struggle between what our clients expect from us and what limited information we can glean from our outdated internal systems that haven't had any dedicated development for over a decade.