Ethical Hacker Jobs (NOW HIRING)

Expert Security Engineer

Canada, KY · Remote

$100K - $120K/yr

Ethical Hacking & Penetration Testing: Lead and execute advanced penetration tests and ethical hacking engagements against Altera's critical systems, applications, and networks to identify and exploit ...

Ethical Hacker information

$101.5K

$135.3K

$162K

How much do ethical hacker jobs pay per year?

As of Jun 12, 2026, the average yearly pay for an ethical hacker in the United States is $135,269.00, according to ZipRecruiter salary data. Most workers in this role earn between $127,000.00 and $141,500.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an Ethical Hacker, and why are they important?

To thrive as an Ethical Hacker, you need strong knowledge of networking, operating systems, vulnerability assessment, and security protocols, often backed by a degree in computer science or a related field. Familiarity with penetration testing tools like Metasploit, Nmap, Wireshark, and certifications such as CEH (Certified Ethical Hacker) or OSCP are typically required. Analytical thinking, problem-solving, and strong communication are vital soft skills for identifying vulnerabilities and reporting findings effectively. These skills ensure organizations can proactively defend against cyber threats and maintain robust information security.

Can I make $200,000 a year in cyber security?

Ethical hackers, or penetration testers, can potentially earn $200,000 or more annually with extensive experience, advanced certifications like OSCP or CISSP, and specialization in high-demand areas. Salaries vary based on industry, location, and skill level, with senior roles and consulting positions often offering higher compensation.

What is the difference between Ethical Hacker vs Penetration Tester?

Aspect | Ethical Hacker | Penetration Tester
Certifications | CEH, OSCP, CISSP | OSCP, CEH, GPEN
Work Environment | Often part of security teams, proactive testing | Focused on simulated attacks, testing security
Employer & Industry Usage | Businesses, cybersecurity firms, government agencies | Security consulting firms, internal security teams

Both Ethical Hackers and Penetration Testers assess security vulnerabilities, often holding similar certifications and working in comparable environments. Ethical Hackers typically have a broader role, including proactive security measures, while Penetration Testers focus specifically on simulated attacks to identify weaknesses. The terms are often used interchangeably, but Ethical Hacker emphasizes a proactive security mindset, whereas Penetration Tester emphasizes the testing process.

What jobs do ethical hackers get?

Ethical hackers, also known as penetration testers or security analysts, typically work in roles focused on identifying and fixing security vulnerabilities in computer systems and networks. They may be employed by organizations, cybersecurity firms, or government agencies, often requiring certifications like CEH or OSCP and proficiency with tools such as Kali Linux and Metasploit. These roles usually involve regular testing, reporting, and collaboration with IT teams to improve security defenses.

What are ethical hackers?

Ethical hackers, also known as white-hat hackers or penetration testers, are cybersecurity professionals who use their skills to identify and fix security vulnerabilities in computer systems, networks, or applications. They are authorized by organizations to conduct tests and simulate cyberattacks to uncover potential weaknesses before malicious hackers can exploit them. Ethical hackers follow legal and ethical guidelines, helping organizations strengthen their security posture and protect sensitive data. Their work is crucial in preventing data breaches and cybercrimes.

What are the most common challenges ethical hackers face when working with organizations?

Ethical hackers often encounter challenges such as navigating limited access to critical systems, working with incomplete or outdated documentation, and ensuring that their activities do not disrupt business operations. Communication is key, as they must clearly explain vulnerabilities and recommendations to non-technical stakeholders. Additionally, ethical hackers must stay current with evolving security threats and tools, which requires continuous learning and adaptability in a fast-paced environment.

Can you make $500,000 a year in cyber security?

While some experienced ethical hackers or cybersecurity professionals with specialized skills, certifications, and leadership roles can earn salaries approaching or exceeding $500,000 annually, such high earnings are uncommon and typically require extensive experience, advanced certifications, and working in high-paying industries or senior positions. Most cybersecurity roles offer salaries below this level, but top-tier experts in niche areas or with consulting opportunities can reach these figures.

Is 30 too old for cyber security?

Ethical hackers and cybersecurity professionals can start at any age, including 30 or older. Success in the field depends on skills, certifications, and experience rather than age, and many professionals transition into cybersecurity from different careers later in life.

What Does an Ethical Hacker Do?

The job duties of an ethical hacker involve testing the security of a computer system or server. In this career, you may also have the job title of penetration tester. Your responsibilities include attempting to hack a system, website, or network to assess the vulnerability. You then make a report or give suggestions based on the outcome of your tests. You may perform research on the site or network before your hacks to find potential cyber vulnerabilities. As an ethical hacker, you must continuously research hacking to keep up with the latest techniques.

Infographic showing Ethical Hacker job openings in the United States as of June 2026, with employment types broken down into 72% Full Time, 14% Part Time, and 14% Contract. It highlights a 100% in-person job distribution and an average salary of $135,269 per year, or $65 per hour.

Attack Surface Management Consulting Director

CNA

Chicago, IL • On-site

Full-time

Posted 7 days ago


Job description

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
The Consulting Director, Attack Surface Management defines strategy, adoption, and governance of automation, AI, and agentic AI across application security, vulnerability management, ethical hacking, and attack surface management programs. Oversees evaluation and deployment of AI-centric security solutions while establishing audit-defensible standards, processes, and secure AI development practices. Drives enterprise-scale identification, analysis, and remediation of external attack surface risk through advanced automation, analytics, and AI-enabled capabilities. Partners with senior leadership and cross-functional teams to prioritize risk, improve operational efficiency, and deliver measurable security outcomes. Provides expert guidance, metrics, and reporting to ensure effective risk management, regulatory alignment, and continuous program maturity.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Aid in defining and implementing strategy for applying automation, AI, and agentic AI to application security, vulnerability management, ethical hacking, and attack surface management use cases.
  • Evaluate, deploy, manage, and govern best-in-class new and existing AI-centric solutions, services, and capabilities relevant to the application security, ethical hacking, and vulnerability management domains.
  • Identify, prioritize, and drive high-value outcomes where automation and AI can improve operational effectiveness, speed, scale, and efficiency.
  • Develop and contribute to audit-defensible governance, standards, processes, procedures, methodologies, practices, playbooks, etc. for secure AI adoption and use across application security, vulnerability management, and ethical hacking domains.
  • Lead identification and risk analysis of the external attack surface through development and continuous improvement of automation to drive effective risk exposure response across the business.
  • Create secure development practices for AI, including agentic AI, by establishing and continuously improving reusable skills, prompts, workflows, and guardrails for AI-based tools so that AI-generated code adheres to secure coding expectations, including proper input validation, authentication, authorization, secrets handling, logging, error handling, dependency use, and secure design.
  • Drive the use of AI to improve threat modeling, code review, and application security testing; vulnerability analysis, prioritization, and remediation; penetration testing and red teaming; and attack surface discovery, risk analysis, and remediation.
  • Partner with peer domain leaders and practitioners to understand, align, integrate, collaborate, etc. on AI initiatives that realize value to Cyber Defense, Global Enterprise Security, and the business at large.
  • Provides proactive, frequent and consistent communication to key IT and business stakeholders on applicable measures, metrics, KRIs, KPIs, threats, risks, etc. Ensures application security, vulnerability management, ethical hacking outputs, and other attack surface management activities result in proper action, risk management, etc.

May perform additional duties as assigned.
Reporting Relationship
Typically reports to Director or above.
Skills, Knowledge & Abilities
  • In-depth understanding of Vulnerability Management, Application Security, Cloud Security, Ethical Hacking, Threat Management, and Security Remediation programs and operations.
  • Strong working knowledge of AI/ML, GenAI, LLM, and agentic AI security concepts, common attack/defense techniques, and use to solve application security, vulnerability management, and ethical hacking domain problems.
  • Demonstrated experience developing and maturing service, tooling, and process automation.
  • Demonstrated experience in software development and/or scripting.
  • Strong understanding of security vulnerabilities and threats and of industry-standard methodologies for effectively managing the risk of exposures.
  • Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to all audiences.
  • Proven ability to interact effectively with senior business leadership to address vulnerabilities and threats in a prioritized manner.
  • Working knowledge of regulations (e.g., SOX, privacy, etc.) and internal controls as they apply to IT. Routinely stays up to date on current best practices / trends to identify, document, and drive resolution of security exposures through independent and collaborative industry research.
  • Proven ability to influence change and drive the adoption of automation, AI, and agentic AI to applicable domain programs and teams.
  • Ability to work extremely well under pressure while maintaining a professional image and approach.

Education & Experience
  • Bachelor's Degree required or equivalent work experience. Master's Degree in Computer Science or technical field preferred.
  • Typically, a minimum of ten years of information security or related work experience in one or more of the following: application security, vulnerability management or exposure management, ethical hacking, penetration testing, attack surface management, security engineering, or security architecture.
  • Relevant certifications preferred.

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In the District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees - and their family members - achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA's benefits, please visit cnabenefits.com.
CNA utilizes AI-enabled technology during the recruiting process. For more information, please visit our careers page.
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com