The primary objective of penetration testing is to identify security weaknesses in both systems and policies.  Penetration Tester performs penetration tests on computer systems, networks, and applications. Create new testing methods to identify vulnerabilities. Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection.

The job description of a Penetration Tester can include the following:

Responsibilities:

• Perform penetration tests on computer systems, networks, and applications.
• Create new testing methods to identify vulnerabilities.
• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection.
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.
• Search for weaknesses in common software, web applications, and proprietary systems.
• Research, evaluate, document, and discuss findings with IT teams and management.
• Review and provide feedback for information security fixes.
• Establish improvements for existing security services, including hardware, software, policies, and procedures.
• Identify areas where improvement is needed in security education and awareness for users.
• Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity)
• Stay updated on the latest malware and security threats.

Selection Criteria:

To excel in this role, you will need a wide range of skills, which include:

• Coding skills required to infiltrate any system.
• Comprehensive knowledge of computer security, including forensics, systems analysis, and more.
• Insight into how hackers exploit the human element to gain unauthorized access to secure systems.
• Clear understanding of how computer security breaches can disrupt business, including the financial and managerial implications.
• Exceptional problem-solving skills.
• Strong written and oral communication skills to document detailed reports and convey the results of their findings.
• Certificates could include: CEH, CPT, CEPT, OSCP, LPT, CMWAPT