
Penetration Tester


What Are The Responsibilities of A Penetration Tester

 

Summary

A penetration tester is an ethical hacker who finds and exploits security vulnerabilities inside a web-based application, a system or a network. In simple words, a penetration tester is a paid hacker. You get tons of penetration tools to work with, or you design them yourself, and then you simulate real-life cyber attacks and help your organization improve its security by showing it these scenarios.

Full Responsibilities

Penetration testing is kind of cool and boring at the same time. You will mostly be stuck at your PC throughout the day. You are also expected to produce documentation of your findings and the methods you use.

 

Here is the complete list of responsibilities common to a penetration tester.

 

  • Perform penetration tests on systems, networks and web-based applications
  • Create new tools or tests and use them
  • Find out and explain the methods attackers use to exploit system weaknesses
  • Help with cost cutting and cost engagement within your company's security strategy
  • Document all your security findings and share them with the senior staff or IT teams
  • Make improvements to the security system by enhancing the existing technology or by providing support
  • Test the physical security of systems, network devices and servers
  • Find security loopholes and close them with new password policies and the like
  • Define and review the requirements for any new security solution needed
  • Provide feedback on security issues to your organization and then opt to fix them

 

Career Paths

 

In order to join a company as a penetration tester, you may need to start with the following jobs:

 

  • Network Administrator
  • System Administrator
  • Network Engineer
  • Security Administrator

After that, you can move on to a senior position:

  • Security consultant
  • Security architect
  • Senior penetration tester

 

Related Jobs

 

Penetration testers are also commonly known by these names:

 

  • Assurance validator
  • Ethical hacker

 

Expected Salary

 

The median salary of a penetration tester is around $72,878. You should still expect to make around $44,000 – $117,398 a year.

 

Requirements

 

Education

 

Most penetration testers hold a specialized degree because ethical hacking is more of a technical skill than a theoretical one. If you have the appropriate job or relevant real-world technical experience, then you may not even need a degree to begin with.

If you want to improve your standing, you should go to hacking conferences or earn a professional certification in ethical hacking.

Work Experience

 

Overall, you need at least 2-4 years of security-related work experience with a lot of practice in penetration testing or vulnerability assessment. If you want to become a senior penetration tester, then you should have at least 7-10 years of experience in penetration testing.

 

Soft Skills

 

A penetration tester is often compared to a bad guy. This is because, as a pen tester, you have to act and think like a bad guy to predict what could come next. Employers demand creativity, curiosity and complex puzzle-solving skills in candidates.

 

You should also have good attention to detail, with some emphasis on oral and written communication skills. Some organizations will require you to have very strong communication skills because you may be required to educate people in your team or organization.

 

Hard Skills

 

  • Unix, Windows and Linux operating systems
  • Software systems and computer hardware
  • Security products and tools
  • Metasploit Framework
  • C, C++, C#, Java and other computer languages such as PHP, Perl, ASM, etc.
  • Network scanning tools like Gold Disk, ACAS, etc.
  • Understanding of web-based applications
  • ISO 27001/27002, SOX, HIPAA, NIST, etc.

 

Recommended Certifications

 

CEH: Certified Ethical Hacker

CEPT: Certified Expert Penetration Tester

OSCP: Offensive Security Certified Professional

GCIH: GIAC Certified Incident Handler

CVA: Certified Vulnerability Assessor

CPT: Certified Penetration Tester

GPEN: GIAC Certified Penetration Tester

CISSP: Certified Information Systems Security Professional