Offensive Security Analyst (Penetration Testing)– Remote Position at BlueOrange Compliance

About us BlueOrange Compliance, a CloudWave company, is a leader in information privacy and security, regulatory compliance, and risk management services. About this Position We are seeking a highly skilled Penetration Tester (Ethical Hacker) to join our cybersecurity team. In this role, you will be responsible for simulating real-world cyberattacks on client systems, networks, and applications to uncover vulnerabilities before they can be exploited. You’ll think like an adversary but act as a trusted partner—helping organizations strengthen their defenses, meet compliance requirements, and protect critical data. Essential Duties Conduct internal and external penetration tests on networks, applications, and cloud environments. Simulate real-world attacks to identify exploitable vulnerabilities before adversaries do. Evaluate client environments against recognized security frameworks and regulatory requirements. Prepare detailed reports with findings, risk ratings, and remediation recommendations. Stay current on emerging threats, tools, and techniques in offensive security. Contribute to internal knowledge base and mentor junior team members. Create comprehensive penetration test reports and executive summaries for stakeholders. Maintain accurate records of testing activities and ensure compliance with internal standards. Present results of testing directly to clients and stakeholders Required Skills Bachelor's degree in Computer Science, Cybersecurity, a similar discipline, or comparable professional experience. Preferred certifications: OSCP, CEH, CRTP, PNPT, or similar offensive security credentials. 2+ years of hands-on experience in penetration testing, vulnerability assessments, or red team operations. Familiarity with healthcare compliance and/security frameworks (HIPAA, HITRUST, NIST) and regulatory standards. Proficiency with offensive security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali, Phishing Tools, etc.). Strong understanding of network protocols, web application security, and secure coding practices. Ability to develop custom scripts in Python, Bash, or PowerShell for exploit development and automation preferred Deep understanding of OWASP Top 10, MITRE ATT\&CK, and common attack vectors. Familiarity with Secure SDLC and threat modeling methodologies. To be considered for this excellent new opportunity, please send a resume with salary history directly to [email protected]. Your response will be held in strict confidence.