ZipRecruiter

Log In

1

Ethical Hacker Job Jobs (NOW HIRING)

AutoRoboto

Lead Penetration Tester

Mountain View, CA ยท On-site

... Ethical hacker Company : AutoRoboto provides mechanical engineering, manufacturing consulting, hardware, software QA testing, and data collection services. Founded in 2015, the company is ...

next page

Showing results 1-20

People also search for

All JobsEthical Hacker Job Jobs

Ethical Hacker Job information

What can you do as an ethical hacker?

An ethical hacker, also known as a white-hat hacker, assesses computer systems and networks for vulnerabilities by simulating cyberattacks. They use tools like penetration testing and vulnerability scanning, often holding certifications such as CEH or OSCP, to help organizations improve security and prevent malicious attacks.

Is 25 too late for cyber security?

Ethical hacking is a career that can be pursued at any age, including 25. Success depends on acquiring relevant skills, certifications like CEH or OSCP, and practical experience, rather than age. Many professionals start or transition into cybersecurity later in life and find opportunities in the field.

Can you make $500,000 a year in cyber security?

While some experienced ethical hackers and cybersecurity professionals can earn $500,000 or more annually, such high salaries typically require advanced skills, certifications like CISSP or OSCP, extensive experience, and roles in senior management or specialized consulting. Most cybersecurity jobs offer lower starting salaries, but income can increase significantly with expertise and leadership positions.

What jobs do ethical hackers get?

Ethical hackers typically work as penetration testers, security analysts, cybersecurity consultants, or vulnerability assessors. They identify and fix security weaknesses in computer systems, often using tools like Kali Linux and Metasploit, and may hold certifications such as CEH or OSCP. These roles are found in various industries including finance, healthcare, and technology, requiring strong technical skills and knowledge of network security.

What is the difference between Ethical Hacker Job vs Penetration Tester?

AspectEthical Hacker JobPenetration Tester
CertificationsCEH, OSCP, CISSPCEH, OSCP, GPEN
Work EnvironmentOrganizations' security teams, consulting firmsSecurity firms, internal security teams
Industry UsageBroad, including finance, healthcare, techPrimarily cybersecurity and consulting

Both roles involve identifying security vulnerabilities, often requiring similar certifications like CEH and OSCP. Ethical hackers typically work within organizations or as consultants to improve security posture, while penetration testers focus on simulated attacks to evaluate defenses. The main difference lies in scope and approach, but both are essential in cybersecurity.

What job categories do people searching Ethical Hacker Job jobs look for? The top searched job categories for Ethical Hacker Job jobs are:
Ethical Hacker Job jobs near you
Infographic showing various Ethical Hacker Job job openings in the United States as of June 2026, with employment types broken down into 1% Locum Tenens, and 99% Part Time. Highlights an 55% Physical, 2% Hybrid, and 43% Remote job distribution.
Attack Surface Management Consulting Director

Attack Surface Management Consulting Director

CNA

Chicago, IL โ€ข On-site

Full-time

Posted 6 days ago

Job description

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
The Consulting Director, Attack Surface Management defines strategy, adoption, and governance of automation, AI, and agentic AI across application security, vulnerability management, ethical hacking, and attack surface management programs. Oversees evaluation and deployment of AI-centric security solutions while establishing audit-defensible standards, processes, and secure AI development practices. Drives enterprise-scale identification, analysis, and remediation of external attack surface risk through advanced automation, analytics, and AI-enabled capabilities. Partners with senior leadership and cross-functional teams to prioritize risk, improve operational efficiency, and deliver measurable security outcomes. Provides expert guidance, metrics, and reporting to ensure effective risk management, regulatory alignment, and continuous program maturity.
JOB DESCRIPTION:
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Aid in defining and implementing strategy for applying automation, AI, and agentic AI to application security, vulnerability management, ethical hacking, and attack surface management use cases.
  • Evaluate, deploy, manage, and govern best-in-class new and existing AI-centric solutions, services, and capabilities relevant to the application security, ethical hacking, and vulnerability management domains.
  • Identify, prioritize, and drive high-value outcomes where automation and AI can improve operational effectiveness, speed, scale, and efficiency.
  • Develop and contribute to audit-defensible governance, standards, processes, procedures, methodologies, practices, playbooks, etc. for secure AI adoption and use across application security, vulnerability management, and ethical hacking domains.
  • Lead identification and risk analysis of the external attack surface through development and continuous improvement of automation to drive effective risk exposure response across the business.
  • Create secure AI, including agentic, development practices by establishing and continuously improving reusable skills, prompts, workflows, and guardrails for AI-based tools such that AI generated code adheres to secure coding expectations, including proper input validation, authentication, authorization, secrets handling, logging, error handling, dependency use, and secure design.
  • Drive the use of AI to improve threat modeling, code review, and application security testing; vulnerability analysis, prioritization, and remediation; penetration testing and red teaming; and attack surface discovery, risk analysis, and remediation.
  • Partner with peer domain leaders and practitioners to understand, align, integrate, collaborate, etc. on AI initiatives that realize value to Cyber Defense, Global Enterprise Security, and the business at large.
  • Provides proactive, frequent and consistent communication to key IT and business stakeholders on applicable measures, metrics, KRIs, KPIs, threats, risks, etc. Ensures application security, vulnerability management, ethical hacking outputs, and other attack surface management activities result in proper action, risk management, etc.

May perform additional duties as assigned.
Reporting Relationship
Typically reports to Director or above.
Skills, Knowledge & Abilities
  • In depth understanding of Vulnerability Management, Application Security, Cloud Security, Ethical Hacking, Threat Management, and Security Remediation programs and operations.
  • Strong working knowledge of AI/ML, GenAI, LLM, and agentic AI security concepts, common attack/defense techniques, and use to solve application security, vulnerability management, and ethical hacking domain problems.
  • Demonstrated experience developing and maturing service, tooling, and process automation.
  • Demonstrated experience in software development and/or scripting.
  • Strong understanding of security vulnerabilities and threats and industry standard methodologies of risk managing exposures effectively.
  • Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to all audiences.
  • Proven ability to interact effectively with senior business leadership to effectively address vulnerabilities and threats in a priority manner.
  • Working knowledge of regulations (e.g., SOX, privacy, etc.) and internal controls as they apply to IT. Routinely stays up to date on current best practices / trends to identify, document, and drive resolution of security exposures through independent and collaborative industry research.
  • Proven ability to influence change and drive the adoption of automation, AI, and agentic AI to applicable domain programs and teams.
  • Ability to work extremely well under pressure while maintaining a professional image and approach.

Education & Experience
  • Bachelor's Degree required or equivalent work experience. Master's Degree in Computer Science or technical field preferred.
  • Typically, a minimum of ten years of information security or related work experience in one or more of the following: application security, vulnerability management or exposure management, ethical hacking, penetration testing, attack surface management, security engineering, or security architecture.
  • Relevant certifications preferred.

#LI-Hybrid
#LI-DM1
In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees - and their family members - achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA's benefits, please visit cnabenefits.com.
CNA utilizes AI-enabled technology during the recruiting process. For more information, please visit our careers page.
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com

Apply