Overview of Penetration Tester Jobs
“It Takes a Hacker to Catch a Hacker” may be the 21st century version of the old idiom. A Penetration Tester or “Pen Tester,” also known as an Ethical Hacker, is the “white hat” individual who is responsible for exposing vulnerabilities and who, rather than “catching a hacker,” aims to stop hackers from successful intrusion. As an ethical hacker you are paid to legally exploit a system, analyze it for weaknesses, and then report back on what you’ve found. The aim is to prevent “black hat” or malicious hackers from compromising a system. There’s always a specific goal in mind.
The ultimate goal is of course to fortify your palace and eliminate penetrable walls.
Break the system and then make it stronger so that it won’t break again, or at least not in the same way. This is why there is an increasing demand for pen testers: as hackers become increasingly skilled, the threat of compromise remains. A pen tester may be a permanent member of an organization or business who actively engages in authorized attacks on a computer system.
Penetration Tester Job Descriptions
- Initiate Digital Reconnaissance Testing with specified goals in mind
- Explore web applications for cybersecurity-related vulnerabilities
- Execute formal penetration tests as part of a full security audit; tests may be overt or covert depending on the requests of upper management
- Assess physical environment and access controls to servers, systems, and network devices to create physical security assessments.
- Define requirements for information security solutions
- Design and create innovative penetration tools and tests
- Review System Configuration
- Gather information using network sniffing techniques to identify active devices, operating systems, unauthorized activities, and unencrypted usernames and passwords.
- Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
- Report findings on the nature of the security threat whether business-related, or otherwise
- Discuss and Document findings with management and CSIRT teams
- Remain current on security services and continually enhance existing methodology
Types of Penetration Tests
Although the two are commonly confused, a penetration test is not a vulnerability test. As a general rule of thumb, a penetration test has a specific goal in mind, while a vulnerability test searches for vulnerabilities within a system that is most likely already weak and/or compromised. As a pen tester you will execute specific tests, always within the framework of an ethical hack.
Below is a list of common types of pen tests:
- Social Engineering Test
- Wireless Security Test
- Network Service Test
- Remote dial-up war dial
Penetration Tester Career Pathway
Based on your starting point (whether you’re already a penetration tester, network administrator, a security architect, or a student) there are a few paths to entering the field of penetration testing. We’ve listed some different levels at which you can engage in penetration testing below. These levels will depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security.
A note on the positions below: some job titles are tiered within that position. A position labeled “mid-level,” for example, may range from mid to advanced.
- Entry Level: Security Administrator, Digital Forensics Technician, Junior Penetration Tester
- Mid-Level: Digital Forensic Technician, Penetration Tester, Security Consultant
- Senior Level: Senior Penetration Tester, Security Architect, Advanced Ethical Hacker
Technical Skills
- Knowledge of hacking tools such as application specific scanners, debuggers, encryption tools, firewalls, fuzzers, intrusion detection systems, packet crafting tools, packet sniffers, Linux Hacking Distros, Rootkit Detectors, and more
- Reverse Engineering
- Forensic Tools
- Knowledge of all operating systems such as Unix/Linux, OSX, Windows
- Security log management
- AppScan
- Fortify
- SOX
- NIST
- Nessus
- nmap
Soft Skills
- Patience
- Oral and Written Communication
- Creative Thinking
- Integrity
- Accountability
- Confidentiality
Penetration Tester Job Outlook and Salary
There are thousands of jobs available for penetration testers across the nation. This is a highly specialized field. Penetration Tester positions are projected to grow by 18% by 2024, which is a much faster rate than most fields. The median salary of a penetration tester is $71,660, though it can range from $60,000 to $120,000+.
Penetration Tester Resources
- For information on how to utilize the G.I. Bill, head to the U.S. Department of Veterans Affairs
- Head to Indeed.com for a Job in Penetration Testing
- This is the OWASP Testing Handbook
- This is a Technical Guide to Information Security Testing and Assessment from the National Institute of Standards and Technology.