Senior Penetration Tester .. ==

Job description

Penetration testers simulate cyberattacks to identify and report security flaws on computer systems, networks and infrastructure, including internet sites

As well as identifying problems, you may also provide advice on how to minimise risks.

You may work in-house for large companies where system security is a crucial function. However, more commonly you'll work for a security consultancy or risk management organisation, where you'll work with external clients testing the vulnerability of their systems. It's also possible to work on a freelance basis, by securing contracts from organisations.

Penetration testers are also known as pen testers or ethical hackers.

Responsibilities

As a penetration tester, you'll need to:

• understand complex computer systems and technical cyber security terms
• work with clients to determine their requirements from the test, for example, the number and type of systems they would like testing
• plan and create penetration methods, scripts and tests
• carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security
• simulate security breaches to test a system's relative security
• create reports and recommendations from your findings, including the security issues uncovered and level of risk
• advise on methods to fix or lower security risks to systems
• present your findings, risks and conclusions to management and other relevant parties
• consider the impact your attack will have on the business and its users

Qualifications:

To enter this industry, you'll usually need a relevant degree, in-depth knowledge of computer operating systems and at least two to four years of experience in a role related to information security.

Useful degree subjects include:

• computer science
• computing and information systems
• cyber security
• forensic computing
• network management
• computer systems engineering.

You're unlikely to go straight from graduation into a penetration tester role and will usually need some industry experience. However, some organisations have started to offer graduate penetration tester roles. Where graduate entry roles are offered, there are likely to be high levels of competition.

If your degree is in an unrelated subject, studying for an information security related postgraduate qualification could enhance your employability prospects in the cyber security sector. You could then work your way up to penetration testing roles. Search for postgraduate courses in cyber security.

The Civil Service offers a Government Security Cyber Degree Apprenticeship (Level 6), which trains you to become a technical cyber specialist with the responsibility of helping the Government protect the UK.

As well as relevant degree qualifications, you'll often be expected to have one or more professional qualifications (trainee and graduate roles will usually include training and certification in these qualifications as part of the role). These include:

• CREST Registered Penetration Tester (CRT)
• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH) Certification
• GIAC Certified Penetration Tester (GPEN)
• company certification schemes from major vendors and equipment providers like Microsoft (MCP) or Cisco (CCNA Security).

You may gain these qualifications and certifications through cyber security roles, but some can be obtained through self-study. Look at job adverts for penetration testers to get a feel for which certifications employers are looking for.

It's also possible to work as a penetration tester without a degree if you have significant experience in information security and hold industry certifications.

You may need to undertake security clearance checks when applying for jobs.

Skills

You'll need to have:

• an in-depth understanding of computer systems and their operation
• excellent spoken and written communication to explain your methods to a technical and non-technical audience
• attention to detail, to be able to plan and execute tests while considering client requirements
• the ability to think creatively and strategically to penetrate security systems
• good time management and organisational skills to meet client deadlines
• ethical integrity to be trusted with a high level of confidential information
• the ability to think laterally and outside the box
• teamwork skills, to support colleagues and share techniques
• exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
• business skills to understand the implications of any weaknesses you find
• commitment to continuously updating your technical knowledge base.

• Human Resources Services