Penetration Tester Job Description, Salary, Career Path, and Trends

Penetration testers assess the security systems within an organization. They conduct tests and purposefully attempt to exploit existing computer systems and software to detect and correct system weaknesses. This practice is a form of ethical hacking and requires creativity, imagination, and a strong understanding of technology systems. Penetration testers use these test results to develop recommendations and implement solutions to build the strength of an organization’s information technology (IT) systems. 

Sample job description #1

We are looking for talented penetration testers who like to break software and embedded devices.

Required skills

  • Web application penetration testing
  • Mobile application penetration testing
  • Source code vulnerability analysis
  • Serious problem-solving skills
  • US Citizenship

Good to have skills

  • Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
  • Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)
  • Network penetration testing experience
  • Protocol analysis
  • CTF experience
  • A degree in CS or related field
  • Secure coding practices
  • Cryptography
  • Reading and writing assembly (x86 and ARM)
  • Binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg, etc.)
  • Exploit Development
  • Embedded systems experience
  • Physical security or red team experience

Perks

  • Work with an awesome small team
  • Salary and possible bonuses
  • Conference attendance
  • Flexible work, you’ll be involved in determining future projects
  • Paying for training courses
  • Healthcare and vacation benefits
  • Retirement options

Sample job description #2

The Penetration Tester will provide broad and in-depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

Key accountabilities

  • Conduct highly complex offensive security operations testing consistent with known adversary tactics, techniques, and procedures and contribute to the development of objectives and approaches taken to remediate risk
  • Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders
  • Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing
  • Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
  • Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
  • Other duties as assigned

Minimum qualifications

  • Bachelor’s degree in a related field or equivalent experience
  • Two years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures
  • Minimum of four years of related work experience

Preferred qualifications

  • Experience in offensive security, with the ability to think like an adversary
  • Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
  • Strong experience in operating system and application security hardening and best practices
  • Strong investigative mindset with an attention to detail
  • Experience with multiple operating systems to include Windows, Mac OS, Unix/Linux, and mobile platforms
  • Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations and hosting providers
  • Exposure and understanding of enterprise solutions from a functional and security perspective

Sample job description #3

Job description

  • Assist in scoping and executing prospective engagements
  • Understand and safely use various open source penetration testing tools and, when appropriate, emulate hacker tactics, techniques, and procedures
  • Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results
  • Estimated workload is 1-3 assessments per month, consisting of 1-2-week assessments including report writing
  • While in between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and prospective hires
  • Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes

Qualifications

  • Bachelor’s degree (or equivalent) in a technical field
  • Minimum of one (GPEN, CEH, and/or GWAPT) certification required
  • Must have or be willing to get Offensive Security Certified Professional (OSCP) certification within 6 months
  • 2-5 years experience in at least three of the following:
    • Network penetration testing and manipulation of network infrastructure
    • Web Application Penetration Testing
    • Email, phone, or physical social-engineering assessments
    • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
    • Developing, extending, or modifying exploits, shellcode or exploit tools
    • Developing applications in C#, ASP, .NET, Objective C, Go, or Java (J2EE)
    • Reverse engineering malware, data obfuscators, or ciphers
    • Source code review for control flow and security flaws
  • Strong knowledge of tools used for wireless, web application, and network security testing
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Solid understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

Preferred skills

  • OSCE, or OSWE or SANS certification
  • Ability to travel up to 25%
  • Ability to successfully interface with clients (internal and external)
  • Ability to document and explain technical details in a concise, understandable manner
  • Ability to manage and balance own time among multiple tasks, and lead junior staff when required

Basic requirements

  • Must have the ability to gain United States Security Clearance

Average salary and compensation

The average salary for a penetration tester is $88,500 in the United States. Position salary will vary based on experience, education, company size, industry, and market.

Location                          Salary Low   Salary High
Phoenix, Arizona                  $88,000      $119,100
Los Angeles, California           $99,300      $134,350
Denver, Colorado                  $82,750      $111,950
Washington, DC                    $100,800     $136,400
Miami, Florida                    $82,350      $111,450
Orlando, Florida                  $76,000      $102,800
Tampa, Florida                    $76,750      $103,800
Atlanta, Georgia                  $80,500      $108,900
Chicago, Illinois                 $92,550      $125,200
Boston, Massachusetts             $100,050     $135,350
Minneapolis-St. Paul, Minnesota   $79,750      $107,900
New York City, New York           $105,300     $142,500
Philadelphia, Pennsylvania        $85,750      $116,000
Dallas, Texas                     $83,500      $112,950
Houston, Texas                    $82,750      $111,950
Seattle, Washington               $96,300      $130,250
National Average                  $75,250      $101,800

Sample interview questions

  • How would you define penetration testing?
  • What would you say is the best way to test the security of a system?
  • How would you go about fixing any security breaches or potential breaches of a system?
  • As a penetration tester, do you have any previous experience in the IT or penetration testing fields?
  • Do you have any certifications which are related to penetration testing?
  • What is cross-site scripting?
  • What are common methods to prevent DDoS attacks and hackers from breaching a system?
  • What are some common open-source penetration testing tools, and what penetration testing tools do you employ?
