Penetration Tester/Ethical Hacker - RIT Solutions : Job Details

We are seeking a skilled Penetration Tester / Ethical Hacker to identify, exploit, and report security vulnerabilities in our digital infrastructure, applications, and systems. The ideal candidate will simulate cyberattacks to evaluate our security posture, provide actionable remediation advice, and help maintain a robust security environment across the organization. Key Responsibilities:

• Conduct penetration testing on applications (web, mobile, API), networks, cloud environments, and systems.
• Simulate cyberattacks (Red Team/Blue Team exercises) to assess real-world risk.
• Perform social engineering assessments (phishing, pretexting, etc.) if in scope.
• Identify and document vulnerabilities using tools and manual testing methods.
• Provide detailed reports on findings, risks, and recommended remediation steps.
• Collaborate with developers, IT, and DevSecOps to resolve security issues.
• Continuously research and stay up-to-date on the latest vulnerabilities, tools, and attack techniques.
• Support compliance initiatives (e.g., PCI DSS, ISO 27001, SOC 2) by conducting relevant security assessments.
• Participate in threat modeling and risk analysis processes.
• Validate security fixes through re-testing.

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• 3-5 years of hands-on experience in penetration testing or ethical hacking.
• Strong knowledge of OWASP Top 10, MITRE Telecommunication&CK, NIST, and common CVEs.
• Experience with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux, Nessus, etc.
• Familiarity with scripting languages like Python, Bash, or PowerShell.
• Experience with Windows, Linux, and cloud (AWS, Azure, GCP) environments.
• Ability to clearly document and communicate technical findings to both technical and non-technical audiences.

• Certifications such as OSCP, CEH, GPEN, CRT, or equivalent.
• Experience with secure code review and static/dynamic analysis tools.
• Knowledge of secure SDLC and DevSecOps principles.
• Red Team/Blue Team experience or adversary emulation knowledge.

• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ethical mindset and integrity when handling sensitive systems and data.
• Ability to work independently and within cross-functional teams.