About us
BlueOrange Compliance, a CloudWave company, is a leader in information privacy and security, regulatory compliance, and risk management services.
About this Position
We are seeking a highly skilled Penetration Tester (Ethical Hacker) to join our cybersecurity team. In this role, you will be responsible for simulating real-world cyberattacks on client systems, networks, and applications to uncover vulnerabilities before they can be exploited. You’ll think like an adversary but act as a trusted partner—helping organizations strengthen their defenses, meet compliance requirements, and protect critical data.
Essential Duties
• Conduct internal and external penetration tests on networks, applications, and cloud environments.
• Simulate real-world attacks to identify exploitable vulnerabilities before adversaries do.
• Evaluate client environments against recognized security frameworks and regulatory requirements.
• Prepare detailed reports with findings, risk ratings, and remediation recommendations.
• Stay current on emerging threats, tools, and techniques in offensive security.
• Contribute to internal knowledge base and mentor junior team members.
• Create comprehensive penetration test reports and executive summaries for stakeholders.
• Maintain accurate records of testing activities and ensure compliance with internal standards.
• Present results of testing directly to clients and stakeholders.
Required Skills
• Bachelor's degree in Computer Science, Cybersecurity, a similar discipline, or comparable professional experience.
• Preferred certifications: OSCP, CEH, CRTP, PNPT, or similar offensive security credentials.
• 2+ years of hands-on experience in penetration testing, vulnerability assessments, or red team operations.
• Familiarity with healthcare compliance and/or security frameworks (HIPAA, HITRUST, NIST) and regulatory standards.
• Proficiency with offensive security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali, Phishing Tools, etc.).
• Strong understanding of network protocols, web application security, and secure coding practices.
• Ability to develop custom scripts in Python, Bash, or PowerShell for exploit development and automation is preferred.
• Deep understanding of OWASP Top 10, MITRE ATT&CK, and common attack vectors.
• Familiarity with Secure SDLC and threat modeling methodologies.
To be considered for this excellent new opportunity, please send a resume with salary history directly to [email protected]. Your response will be held in strict confidence.
Remote
Skills:
Applications Security, Automation, Bash Scripting, Cloud Applications, Computer Hacking, Computer Science, Computer Security, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Information/Data Security (InfoSec), Internet Application, Internet Security, Knowledge Base, Maintain Compliance, Mentoring, Metasploit, NMap, Nessus, Network Protocols, Network Testing, Penetration Testing, Phishing, Privacy Controls, Python Programming/Scripting Language, Record Keeping, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Management, Scripting (Scripting Languages), Secure Coding, Security Analysis, Security Compliance, Software Development Lifecycle (SDLC), Test Plan/Schedule, Testing, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Windows PowerShell, Wireshark (Ethereal)
About the Company:
BlueOrange Compliance