Offensive Security Analyst (Penetration Testing)– Remote Position

About us BlueOrange Compliance, a CloudWave company, is a leader in information privacy and security, regulatory compliance, and risk management services. About this Position We are seeking a highly skilled Penetration Tester (Ethical Hacker) to join our cybersecurity team. In this role, you will be responsible for simulating real-world cyberattacks on client systems, networks, and applications to uncover vulnerabilities before they can be exploited. You’ll think like an adversary but act as a trusted partner—helping organizations strengthen their defenses, meet compliance requirements, and protect critical data. Essential Duties • Conduct internal and external penetration tests on networks, applications, and cloud environments. • Simulate real-world attacks to identify exploitable vulnerabilities before adversaries do. • Evaluate client environments against recognized security frameworks and regulatory requirements. • Prepare detailed reports with findings, risk ratings, and remediation recommendations. • Stay current on emerging threats, tools, and techniques in offensive security. • Contribute to internal knowledge base and mentor junior team members. • Create comprehensive penetration test reports and executive summaries for stakeholders. • Maintain accurate records of testing activities and ensure compliance with internal standards. • Present results of testing directly to clients and stakeholders Required Skills • Bachelor's degree in Computer Science, Cybersecurity, a similar discipline, or comparable professional experience. • Preferred certifications: OSCP, CEH, CRTP, PNPT, or similar offensive security credentials. • 2+ years of hands-on experience in penetration testing, vulnerability assessments, or red team operations. • Familiarity with healthcare compliance and/security frameworks (HIPAA, HITRUST, NIST) and regulatory standards. • Proficiency with offensive security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali, Phishing Tools, etc.). • Strong understanding of network protocols, web application security, and secure coding practices. • Ability to develop custom scripts in Python, Bash, or PowerShell for exploit development and automation preferred • Deep understanding of OWASP Top 10, MITRE ATT&CK, and common attack vectors. • Familiarity with Secure SDLC and threat modeling methodologies. To be considered for this excellent new opportunity, please send a resume with salary history directly to [email protected]. Your response will be held in strict confidence. Remote Skills: Applications Security, Automation, Bash Scripting, Cloud Applications, Computer Hacking, Computer Science, Computer Security, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Information/Data Security (InfoSec), Internet Application, Internet Security, Knowledge Base, Maintain Compliance, Mentoring, Metasploit, NMap, Nessus, Network Protocols, Network Testing, Penetration Testing, Phishing, Privacy Controls, Python Programming/Scripting Language, Record Keeping, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Management, Scripting (Scripting Languages), Secure Coding, Security Analysis, Security Compliance, Software Development Lifecycle (SDLC), Test Plan/Schedule, Testing, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Windows PowerShell, Wireshark (Ethereal) About the Company: BlueOrange Compliance Apply tot his job