Duties and Responsibilities
The typical duties of a penetration tester depend on the employer. However, there are several core tasks that are common to all penetration tester roles.
- Conducting tests on networks and applications: You must design tests to break into security-protected networks, computer systems and web-based applications to look for vulnerabilities.
- Physical security assessments: You must conduct physical assessments of server systems and network device security. In these physical assessments, you look for ways to exploit vulnerabilities and design solutions to security issues such as temperature, vandalism, humidity and natural disasters.
- Conducting security audits: You will conduct security and network audits to evaluate how well an organization's system conforms to a set of established criteria. This will help you to pinpoint ways that attackers could exploit weaknesses in security systems.
- Analyzing security policies: Organizations enforce security policies that identify procedures and rules for accessing and using their IT resources. Your job will be to analyze these policies for effectiveness, make suggestions for improvements and work to enhance methodological material.
- Writing security assessment reports: After conducting your research and tests, you will have to document your findings, write security reports and discuss solutions with IT and management teams.
Qualifications
There are some entry-level jobs available, but many companies look to hire penetration testers with bachelor's degrees in computer science, information technology or other related fields.
However, with the development of online learning courses, there are other routes to becoming a penetration tester. Cybrary offers an extensive online course to train to become a penetration tester. The course offers you the opportunity to connect with real-world industry professionals, who will mentor you along the way. The 160-hour course teaches you the resources, skills and abilities to sit and pass industry-recognized certification exams.
Skills and work experience
Lots of employers will also look for relevant work experience. They will look for advanced computer skills and an understanding of networking. Employers will expect you to be able to use these skills to ethically hack into systems and to keep up to date with security software packages.
Employers will also look for scripting and programming skills because many penetration tester roles require knowledge of specific programming languages or operating systems. Data analytics skills are also a must because you need to review data and analyze the processes needed to accurately correct security issues and threats.
You will also need to have excellent written and oral communication skills as you will be writing reports about security systems for other teams (such as management or IT) to see and use.
Finally, problem-solving skills are also key as you will need to be able to protect networks from unexpected and potentially serious risks. This means you have to think outside the box and work to resolve threats quickly.
Software and programs used
- Penetration testers use the following programming languages: SQL, C++, JavaScript, Ruby and Python
- They typically use these security assessment tools: Aircrack-ng, Burp Suite, sqlmap
- They use these security frameworks: NIST, SOX, HIPAA
- They use these operating systems: Linux, UNIX, Windows
Hours
Typically, penetration testers will work regular business hours (Monday to Friday, 9am to 5pm). However, you may also need to work longer hours (such as evenings and weekends) depending on the needs of the business and the security threats.
Salary
According to the Bureau of Labor Statistics, penetration testers make an annual median salary of $95,510. The lowest 10% earn $55,560, while the top 10% earn over $153,090.
Progression
Penetration testers have a very high rate of job growth. The Bureau of Labor Statistics estimated a 28% rate of growth for this profession, which is over four times the national average job growth rate for all occupations.
Most penetration testers work for a company. However, you can aspire to work as a consultant on a freelance basis (either in your own consulting business or for a consulting firm).
Penetration testers typically advance to senior penetration tester, lead cyber-security specialist, security consultant or security architect.