Also known as: PenTester, Ethical Hacker, Security Tester
A Penetration Tester probes for and exploits security vulnerabilities in web-based applications, networks and systems.
In other words, you get paid to legally hack. In this “cool kid” job, you will use a series of penetration tools – some predetermined, some that you design yourself – to simulate real-life cyber attacks. Your ultimate aim is to help an organization improve its security.
Ethical hacking is a mix of sexiness and boring bits. Unlike real-life hackers, you may only have days to compromise systems. What’s more, you will be expected to document and explain your methods and findings. Penetration testing has been called one of the most frustrating jobs in the infosec field.
Overall, you are likely to be required to:
- Perform formal penetration tests on web-based applications, networks and computer systems
- Conduct physical security assessments of servers, systems and network devices
- Design and create new penetration tools and tests
- Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
- Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
- Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
- Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement) into security strategies
- Research, document and discuss security findings with management and IT teams
- Review and define requirements for information security solutions
- Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
- Provide feedback and verification as an organization fixes security issues
During a penetration test, you will typically focus on exploiting vulnerabilities (e.g. making it a goal to break part of a system). But as Daniel Miessler points out in “The Difference Between a Vulnerability Assessment and a Penetration Test”, you don’t have to go all the way to prove your point:
“A penetration testing team may be able to simply take pictures standing next to the open safe, or to show they have full access to a database, etc., without actually taking the complete set of actions that a criminal could.”