Penetration Tester Job Description
Penetration tester
provides quality web application security audits across the various IT functions to ensure quality standards, procedures and methodologies are being followed.
Penetration Tester Duties & Responsibilities
To write an effective penetration tester job description, begin by listing detailed duties, responsibilities and expectations. We have included penetration tester job description templates that you can modify and use.
Sample responsibilities for this position include:
Contribute to Enterprise program around penetration testing and overall web application security
Responsible for scoping and execution of penetration tests against a variety of technologies including web application, mobile and infrastructure
Provide network/application vulnerability assessment and penetration testing services globally through a comprehensive testing process, identifying weaknesses and vulnerabilities within the system and proposing countermeasures
Contribute both on an individual assessment basis global strategic basis to raise the security posture across the organisation
Proven ability to perform computer network vulnerability assessment and penetration testing
Act as the subject matter expert for Enterprise Information Security (EIS) and the firm on penetration testing
Act as the subject matter expert for the firm on all aspects of penetration testing
Be an individual contributor for the entire Enterprise wide penetration testing program and all its components
Work closely with Application Developers, their management, and the project management office
Examine current penetration testing practices and identify key risks, then execute programs to address them
Penetration Tester Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Penetration Tester
List any licenses or certifications required by the position: OSCP, GPEN, CEH, CREST, GWAPT, CISSP, OSCE, GXPN, OSWE, CISA
Education for Penetration Tester
Typically a job would require a certain level of education.
Employers hiring for the penetration tester job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Engineering, Education, Computer Engineering, Information Security, Information Technology, Technology, Computer, Cyber Security
Skills for Penetration Tester
Desired skills for penetration tester include:
Tools used for wireless
Web application
Network security testing
Firewalls
TCP/IP
IDS/IPS
Kali Linux
Networking
Antivirus
Web content filtering
Desired experience for penetration tester includes:
Understand the business context/significance of technical penetration test findings
Consistently output superior quality of deliverable
Possess an entrepreneurial attitude to excel in loosely defined scenarios
DoD 8570.01-M approved security certification
Ethical Hacking security certification
Security expertise, especially in security requirements or threat modeling
Penetration Tester Examples
1
Penetration Tester Job Description
Job Description Example
Our innovative and growing company is looking for a penetration tester. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for penetration tester
- Incorporate business considerations
- Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, to ensure useful, measurable, and repeatable methods applied to quantifying risk
- Publish security
- Collaborating with a variety of internal stakeholders (security consultants, project managers, development teams, security architects, technical SME’s) to deliver high quality penetration tests
- The production of penetration test reports which highlight and clearly articulate vulnerabilities and weaknesses to stakeholders in non technical language
- Developing testing plans to successfully conduct application testing, infrastructure testing, scenario based testing, process testing, social engineering consistently throughout DLG
- Reporting on and suggesting fixes to vulnerabilities identified
- Managing remediation of vulnerabilities with Business owners, 3rd party vendors and internal resources
- Identifying potential network, system, application and physical security vulnerabilities
- Researching existing exploit code and developing mitigation strategies evaluation and implementation
Qualifications for penetration tester
- US Citizen, expected to be able to obtain Secret security clearance if required
- Interest in security vulnerabilities and exploitation (as a practitioner)
- Bachelors / Masters in Computer Science, Information Systems or equivalent
- Experience in performing penetration testing in cloud based environments is a plus
- Network traffic analysis expert
- Innate knowledge of the strengths and weaknesses of operating systems, network and security appliances, application language and software being used
2
Penetration Tester Job Description
Job Description Example
Our growing company is hiring for a penetration tester. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for penetration tester
- Identifying and maintaining standards and procedures for the use of tools for approved internal testing purposes
- Collaborating on current and emerging security threat trends with the Security Testing Team Leader, Senior Penetration testers and the Threat Analysts, use this intelligence in preparation of future test strategies
- Responsible for collaborating with Threat Analysts to define scenario based testing covering people, process and technology
- Participation in a variety of other internal security projects and information security activities as and when required
- Evaluate and recommend application security controls to provide adequate coverage to Duke’s business critical applications
- Perform security assessments including application scans (using tools such as Qualys, Nessus, AppScan, WebInspect, HP Fortify, )and code reviews to ensure the compliance with Duke’s S-SDLC policies
- Assist senior penetration testers with quantify application security risks using threat likelihood, implementation state, and business impact variables
- Work with developers and systems analysts to integrate secure coding practices into Duke’s business applications
- Work with the lead enterprise security architect to develop consistent source code testing methodologies and procedure
- Execute Red Team simulations based on organizationally defined threat scenarios with strict adherence to the agreed-upon rules of engagement
Qualifications for penetration tester
- Ability to reverse engineer binaries is a plus
- Understanding of SANS Top 20, OWASP Top 10, etc
- GWAPT / GPEN / GAWN certification is a plus
- Conducting vulnerability assessments and penetration testing (application and/or network)
- Ability to communicate security issues to technical and non-technical audience
- OS Security, Unix, Linux, Windows, Cisco
3
Penetration Tester Job Description
Job Description Example
Our company is growing rapidly and is looking for a penetration tester. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for penetration tester
- Adhere to the best practices and work for delivering secured and quality products
- Consult with technical experts and system owners on all aspects of Information Security and Compliance
- Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture
- Support OCC’s security objectives and remediation efforts relating to Security Assurance and Testing
- Cross-train the Security Assurance Red Team members
- Participate in “Lessons Learned” process to provide information to help OCC improve practices, methodologies, tools, and other technologies
- Participate on various technical committees and provide input and feedback to department
- Stay current on emerging technology trends and the threat landscape
- Advise IT on current and emerging threats, their attack vectors, and how to mitigate them
- Provide leadership, share knowledge and mentor team members
Qualifications for penetration tester
- Work independently or lead any size team of penetration testers on critical infrastructure and/or applications
- Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth
- Be a subject matter expert in more than 1 penetration test domain
- Ability to perform Black Box testing
- Be a subject matter expert in at least 1 penetration test domain
- Have previous auditing/consulting or penetration testing experience
4
Penetration Tester Job Description
Job Description Example
Our growing company is looking for a penetration tester. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for penetration tester
- Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies
- Provides analysis of remediation actions taken, opportunities for improvement and blockers
- Maintain internal penetration testing infrastructure
- Assist with conducting technical systems policy-based controls, penetration security test assessments, periodic reviews, and post-assessments throughout the lifecycle of a system or a program leading to system or program security controls guidance
- Support risk determination process based on Intelligence Community Directive (lCD) 503, Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation
- Assist with development, implementation, integration, oversight, and coordination of governance activities for IC cyber security and integrated defense
- Assist with coordination and participate in IC and National-level cyber security exercises
- Provide information systems and security engineering support for the development, implementation, and evaluation of audit, authentication, authorization, and identity initiatives for IC ITE and legacy environments
- Support the coordination, development, and review of policies and mechanisms to identify common standards and guidelines relating to classification, testing, security authorization, information assurance, and risk management to achieve accreditation reciprocity
- Review and analyze implementation plans from IC ITE service providers (IC agencies responsible for implementing IC ITE initiatives) across the IC
Qualifications for penetration tester
- 3+ years of experience with leading Cybersecurity testing events, including configuration analysis, vulnerability assessments, or penetration testing
- Experience with using, administering, and troubleshooting at least two major platforms of Linux, including Ubuntu and Red Hat
- OSCP, OSCE, or OSWE or SANS Certification
- Traditional office - agile working space
- 5 additional years designing, integrating, and maintaining enterprise IT and related mission systems may be substituted for the required Bachelor’s degree
- CISSP and Penetration Tester (GPEN, L|PT, GXPN) certification preferred, C|EH and GREM certification a plus
5
Penetration Tester Job Description
Job Description Example
Our company is searching for experienced candidates for the position of penetration tester. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for penetration tester
- Support the analysis, development, evaluation, and production of all IC IA cyber security compliance and performance reports
- Responsibility for delivering high end technical testing on complex and sensitive assignments
- Actively undertaking research and other activity to enhance the company’s IPR and industry standing
- To work consistently to the highest standards possible
- To take responsibility for personal development, learning and performance levels
- In addition to the duties and responsibilities listed, the job-holder is required to perform other duties assigned by the
- Collaborate with the Engineering and Operations team to review code and identify possible security risks
- Develop and execute a penetration testing plan for each new release
- Provide coding/technical recommendations and remedies
- Spend hours trying to break our app (aka - penetration testing)
Qualifications for penetration tester
- Strong knowledge of Windows and Linux internals
- Familiar with embedded development and protocols a plus
- Programming experience in C/C++ a plus
- DIGITAL FORENSICS – familiarity with digital forensic tools and security incident response
- Strong coding skills in popular languages and platforms, including C/C++, C#, Java, Javascript/Typescript, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly Advanced Qualifications
- Expert-level knowledge in classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU vulnerabilities, cryptographic weaknesses, insecure direct object references, and others