16 September 2012

Ethical Hacker Job Description

An Ethical Hacker performs network and application-based security vulnerability assessments and penetration tests in accordance with industry-accepted methods and protocols. Some of the key areas in which an Ethical Hacker is expected to be active are:
  • Networking
  • Windows and UNIX systems security
  • Applications & Scripts (C# / .NET, Python, Bash, Perl, Ruby)
  • Web security (IIS / Apache)
  • SQL
  • Cloud computing
The responsibilities of an Ethical Hacker include, but are not limited to:
  • Management of security projects, IT security penetration testing and vulnerability assessments using various network and application testing methodologies across public and private networks
  • Documentation and presentation of security-testing results (final reports and presentations) to the executive, middle management, and technical teams
  • Review of network architecture and security
  • Risk assessments, vulnerability assessments, and management of intrusion detection/prevention mechanisms
  • Management and remediation of the results of various security incidents as/when they occur
  • Evaluation of new and proposed security systems and technologies
  • Definition of monitoring criteria and processes for ensuring that industry best practices are maintained
  • Assessment of security awareness training using social engineering
In order to be a successful Ethical Hacker, a candidate needs the following skills and experience:
  • Strong ethics and understanding of ethics in business and information security
  • Degree in either Computer Engineering, Computer Science, or Information Systems Management
  • Understanding and familiarity with common penetration testing methods and standards
  • Understanding of security issues on both Microsoft and *NIX operating systems
  • Strong knowledge of network equipment, protocols, and ciphers
  • Experience with exploitation frameworks (e.g., Metasploit, Core Impact)
  • Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, SAINT)
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite)
  • Experience with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
  • Experience with high-level programming languages (e.g., Java, C, C++, .NET)
  • Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
  • Minimum of 3 years work experience performing security penetration tests or internal technical security audits
  • Ability to present and articulate findings to technical staff and executives
  • Excellent analytical, organizational, and communication skills
  • Proficient English language written and oral communication skills
  • Investigative skills


© 2012 Greek Information Security Professionals