Ethical Hacker Trainer

Job Summary

We are seeking an experienced and ethical-minded Ethical Hacker (Penetration Tester) to evaluate the security posture of our systems, applications, and networks by identifying vulnerabilities and recommending mitigation steps. You will perform authorized simulated attacks, produce actionable reports, and work closely with engineering and operations teams to strengthen defenses.

Key Responsibilities

• Plan and execute authorized penetration tests against web applications, APIs, mobile apps, networks, cloud environments (AWS/Azure/GCP), and internal infrastructure.
  
• Perform vulnerability assessments and manual exploit development where required.
  
• Conduct social engineering assessments (phishing, vishing) as requested and within agreed legal/scope boundaries.
  
• Use a combination of automated scanning tools and hands-on techniques to discover security weaknesses.
  
• Develop proof-of-concept exploits and document impact, risk, and remediation steps.
  
• Triage and validate findings from vulnerability scanners and bug bounty reports.
  
• Work with development and operations teams to prioritize fixes and verify patches/mitigations.
  
• Produce high-quality, clear, prioritized vulnerability reports and executive summaries tailored to technical and non-technical audiences.
  
• Assist in threat modeling, secure design reviews, and security architecture consultations.
  
• Stay current with emerging threats, attack techniques, and defense strategies; contribute to security playbooks and runbooks.
  
• Maintain strict adherence to legal, compliance, and ethical guidelines; coordinate scope/authorization for tests.
  

Required Qualifications & Skills

• Bachelors degree in Computer Science, Information Security, or equivalent practical experience (or comparable certifications + experience).
  
• 2+ years (Junior) / 4+ years (Mid) / 6+ years (Senior) experience in penetration testing, red teaming, or offensive security roles.
  
• Hands-on experience with tools like Burp Suite, Metasploit, Nmap, Nessus/OpenVAS, Wireshark, SQLMap, and relevant cloud security tooling.
  
• Strong knowledge of web application vulnerabilities (OWASP Top 10), network protocols, authentication/authorization mechanisms, and common exploitation techniques.
  
• Proficiency in at least one scripting/programming language (Python, Bash, PowerShell, Ruby, or Go).
  
• Experience testing cloud services (AWS/Azure/GCP) and containerized environments (Docker/Kubernetes) is a plus.
  
• Solid understanding of secure coding practices, CI/CD security, and infrastructure-as-code risks.
  
• Excellent written and verbal communication; able to explain technical risks to executives as well as engineers.
  
• Strong ethical judgement and strict adherence to legal and organizational rules for testing and disclosure.
  

Preferred Certifications

• CEH (Certified Ethical Hacker) — useful but not sufficient alone
  
• OSCP / OSCE / eCPPT / CPT / CREST certifications (highly preferred)
  
• CISSP, CISM, or GIAC certifications (beneficial for senior roles)
  
• Cloud security certs (AWS Certified Security, Azure Security Engineer) a plus