Penetration Tester Sample Job Descriptions

[Your Company Name] needs a qualified penetration tester to join our IT team! As our penetration tester, you will be responsible for conducting regular audits and inspections in order to make sure our network and computer systems are secure. You will work regular office hours and will be required to configure information systems as well as design and create new systems in order to fix known vulnerabilities. The ideal candidate will have previous experience in the IT field, as well as ideally previous experience in a position as a penetration tester. You may also be required to assist other IT employees with tasks and present information to the correct supervisors when requested. If this position sounds of interest to you, please don’t hesitate to apply! We would love to have you on your team.

Typical duties and responsibilities

• Conduct formal testing on computer systems 
• Assess the security of computer software and hardware
• Conduct security audits and legal cyberattack simulations by designing and utilizing hacking tools to access designated pieces of data during a predetermined time frame
• Generate tools for breaking into security systems 
• Detect and correct system weaknesses 
• Provide recommendations based on an assessment of hardware and software systems 
• Implement solutions to enhance data security
• Provide IT support

Education and experience

This position requires a bachelor’s degree in cybersecurity, computer science, information technology, or a related field. 

Required skills and qualifications

• Robust creativity and problem-solving skills
• Ability to think analytically
• Knowledge of technical systems and terminology 
• Proficiency in scripting languages 
• Ability to identify and exploit vulnerabilities 
• Advanced written and verbal communication skills

Preferred qualifications

• Deep knowledge of at least one programming language (Python, Go, Java, PowerShell, etc.)
• Advanced knowledge of Linux and/or Windows OS and experience in supporting and installing multiple software products
• Strong written/verbal communication and interpersonal skills

We are looking for talented penetration testers who like to break software and embedded devices.

Required skills

• Web application penetration testing
• Mobile application penetration testing
• Source code vulnerability analysis
• Serious problem-solving skills
• US Citizenship

Good to have skills

• Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
• Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)
• Network penetration testing experience
• Protocol analysis
• CTF experience
• A degree in CS or related field
• Secure coding practices
• Cryptography
• Reading and writing assembly (x86 and ARM)
• Binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg, etc.)
• Exploit Development
• Embedded systems experience
• Physical security or red team experience

Perks

• Work with an awesome small team
• Salary and possible bonuses
• Conference attendance
• Flexible work, you’ll be involved in determining future projects
• Paying for training courses
• Healthcare and vacation benefits
• Retirement options

The Penetration Tester, will provide broad and in depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

Key accountabilities

• Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk
• Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders
• Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing
• Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
• Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
• Other duties as assigned

Minimum qualifications

• Bachelor’s degree in a related field or equivalent experience
• Two years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures
• Minimum of four years of related work experience

Preferred qualifications

• Experience in offensive security, with the ability to think like an adversary
• Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
• Strong experience in operating system and application security hardening and best practices
• Strong investigative mindset with an attention to detail
• Experience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platforms
• Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations and hosting providers
• Exposure and understanding of enterprise solutions from a functional and security perspective

Duties

• Assist in scoping and executing prospective engagements
• Understand and safely use various open source penetration testing tools and when appropriate, emulate hacker tactics, techniques, and procedures
• Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
• Estimated work load is 1-3 assessments per month, consisting of a 1-2-week assessments including report writing
• While in-between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and perspective hires
• Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes

Qualifications

• Bachelor’s degree (or equivalent) in a technical field
• Minimum of one (GPEN, CEH, and/or GWAPT) certification required
• Must have or be willing to get Offensive Security Certified Professional (OSCP) certification within 6 months
• 2-5 years experience in at least three of the following:
  • Network penetration testing and manipulation of network infrastructure
  • Web Application Penetration Testing
  • Email, phone, or physical social-engineering assessments
  • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Developing applications in C#, ASP, .NET, Objective C, Go, or Java (J2EE)
  • Reverse engineering malware, data obfuscators, or ciphers
  • Source code review for control flow and security flaws
• Strong knowledge of tools used for wireless, web application, and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Solid understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

Preferred skills

• OSCE, or OSWE or SANS certification
• Ability to travel up to 25%
• Ability to successfully interface with clients (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Basic requirements

• Must have the ability to gain United States Security Clearance