Penetration Tester Jobs & Career Guide

Latest Penetration Tester Jobs & Career Guide Listings

Position | Company | Location | Posted
Information Systems Security Professional - Entry to Expert Level (MD, TX, UT) | National Security Agency | Fort Meade, Maryland, United States | 10/03/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Jersey City, New Jersey, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Seattle, Washington, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Richmond, Virginia, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Jacksonville, Florida, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Chicago, Illinois, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Washington, Dist. Columbia, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Addison, Texas, United States | 17/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Denver, Colorado, United States | 13/02/2024
Senior Adaptive Threat Replication Engineer | Bank of America | Denver, Colorado, United States | 11/02/2024

What is a Penetration Tester?

A Penetration Tester, sometimes known as a Pen Tester or Ethical Hacker, is normally responsible for probing for and exploiting IT security vulnerabilities in a client's IT networks, systems and websites.

They are basically professional paid hackers that work for the good guys; those that want to prevent themselves from being hacked by the bad guys!
They will use a suite of penetration testing tools and techniques in order to compromise the IT Security defences of their pre-assigned target networks, servers, websites or other IT systems, looking for and recording any weaknesses and vulnerabilities that they find.

What are the typical job duties for a Penetration Tester?

“Penetration testing is like being a burglar, but with permission. You are hired to find the weak points in a client’s security system, break into their network or applications, and then report back on what you find. It’s a constantly evolving field, and there’s always something new to learn. Each day can be different depending on the client, the project, and the scope of the engagement. But generally, a penetration tester’s day involves a lot of research, planning, and testing. It’s a mix of manual and automated testing, and requires a lot of critical thinking and problem-solving skills.”

Georgia Weidman, Penetration Testing: A Hands-On Introduction to Hacking (2nd edition, 2014)

The job may involve developing automated penetration scripts, and using off-the-shelf tools, to penetrate web-based applications, IT networks and computer systems.

The role encompasses simulating real-world cyber attacks and reporting on the results so that the organisation can use the outputs of the penetration test to improve its IT security.

The Penetration Tester will need to produce a comprehensive report showing where these identified weaknesses are with suggestions around how to mitigate against them in future.

The fun bit of the job revolves around the ‘ethical hacking’ of the target systems; the more mundane elements of the role revolve around producing a professional report for the client as already outlined!

More specific Penetration Tester responsibilities may include:

1) Planning and performing relevant penetration tests on computer systems, networks or web-based applications.
2) Designing and implementing new penetration testing tools and techniques that can be deployed during Penetration testing on behalf of the client.
3) Conducting a physical security assessment of an organisation's systems, including servers and networks, ensuring that unauthorised external physical interference is not possible.
4) Pinpointing the methods that attackers would use to gain access to the client's systems and underlying data, identifying exploits and weaknesses within the organisation's IT security defences.
5) Uncovering inadequate security practices, password policies and other human errors using social engineering techniques. Recommending processes and procedures to mitigate against human error in future.
6) Ensuring that file, directory and login permissions are restricted to those that need access to them and no one else.
7) Collating all findings into a formal report that highlights every issue uncovered together with the recommended remedial actions the client should take.
8) Presenting the penetration testing findings to all interested parties, such as senior IT management, directors and their impacted teams, explaining the details of individual findings where required, along with your observations and recommended next steps.
9) Highlight the project scope and requirements necessary for the organisation to patch, fix and isolate any of these newly discovered IT security flaws. Training, or indeed re-training, of the impacted systems users, may also be necessary. This work should take place alongside the creation of new documentation supporting both new and existing systems going forwards.
10) Recommending a process of penetration and vulnerability testing that the organisation could carry out themselves in future. Penetration and vulnerability testing of the live or production environment on a regular basis is necessary in order to maintain a secure environment as new threats and exploits emerge.
11) The Penetration Tester should be able to verify the client’s remedial actions, providing feedback and verifying their fixes to any highlighted security issues. Often a final Penetration Test will be necessary to confirm success!

What hours will I work?

The job of Penetration Tester is often a daytime role, working an average 40 hours per week. Short-term IT Penetration Tester Contractors and Consultants may be paid a day rate where any additional work is chargeable.

What skills do I need?

  • An up-to-date knowledge of IT security related hardware, software and vendor solutions
  • Up-to-date knowledge of the tools and techniques that cyber criminals and hackers are likely to employ
  • Understanding of the relevant scripting and source code programming languages you will be using, such as C#, C++, .NET, Java, Perl, PHP, Python or Ruby on Rails
  • Practical experience using computer operating systems such as MS Windows, UNIX/Linux
  • An analytical mind with the ability to respond quickly to findings
  • A methodical approach to recording any findings
  • You will need to be organised, efficient and able to work unsupervised under your own initiative
  • Good written and verbal communication skills

What Qualifications and Experience Do I Need?

Penetration tester jobs are not for everyone and take a lot of work. If you are considering pen testing, there are qualifications and experiences that you will need.

First, ask yourself the following questions. Are you an exceptional problem solver? Are you determined? Can you pay attention to detail? And do you keep up with the latest security and hacking trends in the field? If you answered yes to these questions, this job may be for you!

Second, make sure you have a college degree in one of the various disciplines of cybersecurity. A degree has become almost mandatory for penetration tester jobs. If you are looking to get a more senior position, a master’s degree may be required.

Once you have your degree, you can get into the cybersecurity industry by starting in security administration, network administration, web-based application programming, and related fields that focus on security. This will give you a good foundation for pen testing.

Professional certification may be required and will make you stand out above other candidates. This is especially true when it comes to senior positions. Several organizations offer widely-recognized certification for penetration testing jobs.

A few common professional certifications and certifying bodies that employers look for are: Institute of Electrical and Electronics Engineers (IEEE), Offensive Security Certified Professional (OSCP), EC-Council, Global Information Assurance Certification (GIAC), and SANS Technology Institute.

Make sure you are familiar with languages like Python, PowerShell, Golang, and Bash. Experience in the following areas is also helpful:

  • Network operating systems
  • Windows / Linux / macOS
  • Communications protocols
  • Firewalls
  • IPS/IDS systems
  • Virtual environments
  • Data encryption
  • Mobile penetration testing

You should also be familiar with pen test and application security tools like Kali, Metasploit, Burp Suite, Wireshark, WebInspect, Nmap (Network Mapper), and Nessus.

Along with certifications, education and experience, make sure that you are the right fit for the job. Other areas you will need experience in are security assessment tools, technical writing, technical documentation, cloud architecture, remote access technologies, pentest management platforms, cryptography, and more.

The last thing you can do is hone your craft and keep up with the current cybersecurity industry. Be sure to keep working on your skills and stay up-to-date on the latest trends. Programming and network security are ever-changing, so it’s vital to stay updated.

How Much Can You Earn?

Penetration Testers earn between $55,000 and $133,000 per year. According to Payscale.com, the average annual salary is $82,500. These figures are based on data from 2019. On average, bonuses, commissions, and profit-sharing can add about $17,000 per year.

These types of jobs are expected to grow as the industry expands. The US Bureau of Labor Statistics projects 33 percent job growth for cybersecurity analysts, including penetration testers, over the period 2020 to 2030. This growth is much faster than the average for all other occupations in the United States.
