Offensive Security Analyst (Penetration Testing)– Remote Position

About usBlueOrange Compliance, a CloudWave company, is a leader in information privacy and security, regulatory compliance, and risk management services. About this PositionWe are seeking a highly skilled Penetration Tester (Ethical Hacker) to join our cybersecurity team. In this role, you will be responsible for simulating real-world cyberattacks on client systems, networks, and applications to uncover vulnerabilities before they can be exploited. You’ll think like an adversary but act as a trusted partner—helping organizations strengthen their defenses, meet compliance requirements, and protect critical data.Essential Duties• Conduct internal and external penetration tests on networks, applications, and cloud environments. • Simulate real-world attacks to identify exploitable vulnerabilities before adversaries do. • Evaluate client environments against recognized security frameworks and regulatory requirements. • Prepare detailed reports with findings, risk ratings, and remediation recommendations. • Stay current on emerging threats, tools, and techniques in offensive security. • Contribute to internal knowledge base and mentor junior team members.• Create comprehensive penetration test reports and executive summaries for stakeholders. • Maintain accurate records of testing activities and ensure compliance with internal standards. • Present results of testing directly to clients and stakeholdersRequired Skills• Bachelor's degree in Computer Science, Cybersecurity, a similar discipline, or comparable professional experience. • Preferred certifications: OSCP, CEH, CRTP, PNPT, or similar offensive security credentials. • 2+ years of hands-on experience in penetration testing, vulnerability assessments, or red team operations.• Familiarity with healthcare compliance and/security frameworks (HIPAA, HITRUST, NIST) and regulatory standards. • Proficiency with offensive security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali, Phishing Tools, etc.). • Strong understanding of network protocols, web application security, and secure coding practices. • Ability to develop custom scripts in Python, Bash, or PowerShell for exploit development and automation preferred• Deep understanding of OWASP Top 10, MITRE ATT&CK, and common attack vectors.• Familiarity with Secure SDLC and threat modeling methodologies. To be considered for this excellent new opportunity, please send a resume with salary history directly to [email protected]. Your response will be held in strict confidence. RemoteSkills:Applications Security, Automation, Bash Scripting, Cloud Applications, Computer Hacking, Computer Science, Computer Security, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Information/Data Security (InfoSec), Internet Application, Internet Security, Knowledge Base, Maintain Compliance, Mentoring, Metasploit, NMap, Nessus, Network Protocols, Network Testing, Penetration Testing, Phishing, Privacy Controls, Python Programming/Scripting Language, Record Keeping, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Management, Scripting (Scripting Languages), Secure Coding, Security Analysis, Security Compliance, Software Development Lifecycle (SDLC), Test Plan/Schedule, Testing, Threat Modeling, U.S.National Institute of Standards and Technology (NIST), Windows PowerShell, Wireshark (Ethereal)About the Company:BlueOrange Compliance Apply tot his job