Penetration Tester Job Description
Penetration Tester Duties & Responsibilities
To write an effective penetration tester job description, begin by listing detailed duties, responsibilities and expectations. We have included penetration tester job description templates that you can modify and use.
Sample responsibilities for this position include:
Penetration Tester Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Penetration Tester
List any licenses or certifications required by the position: OSCP, GPEN, CEH, CREST, GWAPT, CISSP, OSCE, GXPN, OSWE, CISA
Education for Penetration Tester
Typically a job would require a certain level of education.
Employers hiring for the penetration tester job most commonly prefer a future employee with a relevant degree, such as Bachelor's and Master's degrees in Computer Science, Technical, Engineering, Education, Computer Engineering, Information Security, Information Technology, Technology, Computer, Cyber Security.
Skills for Penetration Tester
Desired skills for penetration tester include:
Desired experience for penetration tester includes:
Penetration Tester Examples
Penetration Tester Job Description
- Incorporate business considerations
- Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents, building on methodologies promulgated by NIST and ISO, to ensure useful, measurable, and repeatable methods are applied to quantifying risk
- Publish security
- Collaborating with a variety of internal stakeholders (security consultants, project managers, development teams, security architects, technical SMEs) to deliver high-quality penetration tests
- The production of penetration test reports which highlight and clearly articulate vulnerabilities and weaknesses to stakeholders in non-technical language
- Developing testing plans to successfully conduct application testing, infrastructure testing, scenario based testing, process testing, social engineering consistently throughout DLG
- Reporting on and suggesting fixes to vulnerabilities identified
- Managing remediation of vulnerabilities with Business owners, 3rd party vendors and internal resources
- Identifying potential network, system, application and physical security vulnerabilities
- Researching existing exploit code and developing mitigation strategies evaluation and implementation
- US Citizen, expected to be able to obtain Secret security clearance if required
- Interest in security vulnerabilities and exploitation (as a practitioner)
- Bachelor's / Master's in Computer Science, Information Systems or equivalent
- Experience in performing penetration testing in cloud based environments is a plus
- Network traffic analysis expert
- Innate knowledge of the strengths and weaknesses of operating systems, network and security appliances, application language and software being used
Penetration Tester Job Description
- Identifying and maintaining standards and procedures for the use of tools for approved internal testing purposes
- Collaborating on current and emerging security threat trends with the Security Testing Team Leader, Senior Penetration testers and the Threat Analysts, use this intelligence in preparation of future test strategies
- Responsible for collaborating with Threat Analysts to define scenario based testing covering people, process and technology
- Participation in a variety of other internal security projects and information security activities as and when required
- Evaluate and recommend application security controls to provide adequate coverage to Duke’s business critical applications
- Perform security assessments including application scans (using tools such as Qualys, Nessus, AppScan, WebInspect, HP Fortify) and code reviews to ensure compliance with Duke’s S-SDLC policies
- Assist senior penetration testers with quantifying application security risks using threat likelihood, implementation state, and business impact variables
- Work with developers and systems analysts to integrate secure coding practices into Duke’s business applications
- Work with the lead enterprise security architect to develop consistent source code testing methodologies and procedures
- Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement
- Ability to reverse engineer binaries is a plus
- Understanding of SANS Top 20, OWASP Top 10, etc
- GWAPT / GPEN / GAWN certification is a plus
- Conducting vulnerability assessments and penetration testing (application and/or network)
- Ability to communicate security issues to technical and non-technical audience
- OS Security, Unix, Linux, Windows, Cisco
Penetration Tester Job Description
- Adhere to the best practices and work for delivering secured and quality products
- Consult with technical experts and system owners on all aspects of Information Security and Compliance
- Work closely with Production Support staff, Incident Response, and IT infrastructure to increase organizational security posture
- Support OCC’s security objectives and remediation efforts relating to Security Assurance and Testing
- Cross-train the Security Assurance Red Team members
- Participate in “Lessons Learned” process to provide information to help OCC improve practices, methodologies, tools, and other technologies
- Participate on various technical committees and provide input and feedback to department
- Stay current on emerging technology trends and the threat landscape
- Advise IT on current and emerging threats, their attack vectors, and how to mitigate them
- Provide leadership, share knowledge and mentor team members
- Work independently or lead any size team of penetration testers on critical infrastructure and/or applications
- Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth
- Be a subject matter expert in more than 1 penetration test domain
- Ability to perform Black Box testing
- Be a subject matter expert in at least 1 penetration test domain
- Have previous auditing/consulting or penetration testing experience
Penetration Tester Job Description
- Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies
- Provides analysis of remediation actions taken, opportunities for improvement and blockers
- Maintain internal penetration testing infrastructure
- Assist with conducting technical systems policy-based controls, penetration security test assessments, periodic reviews, and post-assessments throughout the lifecycle of a system or a program leading to system or program security controls guidance
- Support risk determination process based on Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation
- Assist with development, implementation, integration, oversight, and coordination of governance activities for IC cyber security and integrated defense
- Assist with coordination and participate in IC and National-level cyber security exercises
- Provide information systems and security engineering support for the development, implementation, and evaluation of audit, authentication, authorization, and identity initiatives for IC ITE and legacy environments
- Support the coordination, development, and review of policies and mechanisms to identify common standards and guidelines relating to classification, testing, security authorization, information assurance, and risk management to achieve accreditation reciprocity
- Review and analyze implementation plans from IC ITE service providers (IC agencies responsible for implementing IC ITE initiatives) across the IC
- 3+ years of experience with leading Cybersecurity testing events, including configuration analysis, vulnerability assessments, or penetration testing
- Experience with using, administering, and troubleshooting at least two major platforms of Linux, including Ubuntu and Red Hat
- OSCP, OSCE, or OSWE or SANS Certification
- Traditional office - agile working space
- 5 additional years designing, integrating, and maintaining enterprise IT and related mission systems may be substituted for the required Bachelor’s degree
- CISSP and Penetration Tester (GPEN, L|PT, GXPN) certification preferred, C|EH and GREM certification a plus
Penetration Tester Job Description
- Support the analysis, development, evaluation, and production of all IC IA cyber security compliance and performance reports
- Responsibility for delivering high end technical testing on complex and sensitive assignments
- Actively undertaking research and other activity to enhance the company’s IPR and industry standing
- To work consistently to the highest standards possible
- To take responsibility for personal development, learning and performance levels
- In addition to the duties and responsibilities listed, the job-holder is required to perform other duties assigned by the
- Collaborate with the Engineering and Operations team to review code and identify possible security risks
- Develop and execute a penetration testing plan for each new release
- Provide coding/technical recommendations and remedies
- Spend hours trying to break our app (aka - penetration testing)
- Strong knowledge of Windows and Linux internals
- Familiar with embedded development and protocols a plus
- Programming experience in C/C++ a plus
- DIGITAL FORENSICS – familiarity with digital forensic tools and security incident response
- Strong coding skills in popular languages and platforms, including C/C++, C#, Java, JavaScript/TypeScript, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly
Advanced Qualifications
- Expert-level knowledge in classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU vulnerabilities, cryptographic weaknesses, insecure direct object references, and others