Ethical Hacking

Get hired by them as a penetration tester.
During a penetration test, you are only legally allowed to work within the scope given. If you go outside the scope, the other party would be able to hold you liable in court for such conduct. If you find yourself in such a situation, you should let the other party know immediately and ask if they could extend the scope of the test.
No, not unless specifically instructed by your employer. Making one without notifying your employer is illegal.
Although selling software vulnerabilities may be lucrative, you may be exposing yourself to legal repercussions. If you are considering whistleblowing for critical vulnerabilities found during employment... Otherwise, if you found vulnerabilities during security research...
Either set up your own system and hack into that or get permission to hack into a system you do not own.