The requirements for such a specialist, of course, are different from the requirements for an astronaut, and it is not necessary to be physically resilient – you can generally not get up from the sofa for a long time, but anyway there are some important nuances too.

For example, some job responsibilities of a pentester:

1. Penetration tests (pentest):

• external and internal penetration testing;
• security analysis of web applications;
• security analysis of wireless networks;
• penetration testing using methods of sociotechnical engineering.

2. Penetration tests according to the PCI DSS standard.
3. Development of reports and recommendations according to testing results.
4. Self-development and development of competencies of the department in the field of information security.

Main requirements:

• High technical education in the field of information security.
• Knowledge of administering * nix and Windows systems, web servers.
• Knowledge of network protocols (TCP / IP), security technologies (802.1x), as well as the main vulnerabilities of network protocols (arp-spoofing, ntlm-relay).
• Knowledge of web protocols and technologies (http, https, soap, ajax, json, rest …), as well as the main web vulnerabilities (OWASP Top 10).
• Knowledge of the information security products market (manufacturers, suppliers, competitors, development trends, characteristics, needs and expectations of customers).
• Understanding of information security technologies (WAF, VPN, VLAN, IPS / IDS, DLP, DPI, etc.).
• Experience in nmap, sqlmap, dirb, wireshark, burp suite, Metasploit, Responder, Bloodhound programs.
• Experience in Kali Linux OS.
• Knowledge of OWASP, PCI-DSS methodologies.
• Development experience (Python, PHP, Ruby, bash, Powershell, Java, C, Assembly).
• Understanding the basics of reverse engineering.
• Knowledge of English not lower than Intermediate level.

Will be a plus:

• Experience in reverse engineering and malware analysis.
• Experience in exploiting binary vulnerabilities.
• Certificates CEH, OSCP, OSCE, etc.
• Participation in professional competitions (CTF, hackathon, olympiads).
• Participation in Bug Bounty programs.
• Having own CVE.
• Speech experience at professional conferences.

Tips from System Admins

In such job, nobody is interested in a technical genius-sociophobe. Usually, an outgoing person is required here, who can:

• explain to the customer what he really wants and how it will look;
• correctly present and protect own actions and recommendations in written and verbal form;
• if case of success, create a “wow effect”;
• in case of failure, create a “wow effect” (the minuses of the pentest are the pluses of information security);
• be stress-resistant;
• solve tasks on time even on cross-projects.
• be in trend (oh, yes, to be in trend is a “must” for all IT professionals):
• be constantly evolving.
• read IT chats in a telegram, foreign blogs, news, track Twitter.
• learn new tools, track changes in repositories.
• attend conferences, create speeches by himself, write articles.
• train new employees.
• be certified.
• do not burn out.