An ethical hacker usually holds the Certified Ethical Hacker (CEH) certification from the International Council of E-Commerce Consultants (EC-Council) and conducts legal, comprehensive scans of a company's information infrastructure. Professionals with the title can choose from one of many jobs in ethical hacking, including penetration testing, incident response, computer forensics and security analysis. An ethical hacker usually starts as a penetration tester and advances to a senior role as an information security analyst or engineer. Although penetration testers and incident response professionals have specific job duties, those with more advanced jobs in ethical hacking generally perform a wider range of duties.
Penetration testing is one of the most common entry-level jobs in ethical hacking and involves conducting various scans on network devices, databases, software, computers and servers. The process starts with obtaining permission to test a company's systems, and the goal of the process is to find any vulnerabilities that could result in damage if a hacker exploits them. A penetration tester maps the company's network and tries to get access to the company's network devices, including switches, routers and firewalls, as well as individual workstations and servers. He or she also may try to hack into web applications or databases. The tester documents all findings in a comprehensive report and suggests remedies for the discovered vulnerabilities.
A job in incident response is another career choice for an ethical hacker and deals with responding to security breaches. Those in this area work to create an incident response plan that provides details for preparing for, identifying, containing, eradicating and recovering from attacks and other security breaches. Incident response professionals must stay up to date with the latest threats, analyze how much of an effect these threats would have on an organization and find a way to prevent as much damage as possible if a breach occurs. They use the information gathered from previous incidents to help prevent future incidents and to find new ways to deal with similar incidents in the future. Incident response professionals also may perform a forensic analysis to gather information from attacks that resulted in a crime.
Jobs in ethical hacking also include information security analyst and engineer, both roles that have a wide range of duties. These professionals are responsible for securing a company's data, configuring security devices, creating security plans, conducting risk audits, finding solutions to security threats, monitoring the network and analyzing application code. An information security analyst holds an advanced role in the organization and usually has several years of experience in penetration testing, incident response and general security.