The requirements for such a specialist, of course, are different from the requirements for an astronaut, and it is not necessary to be physically resilient – you can generally not get up from the sofa for a long time, but anyway there are some important nuances too.

For example, some job responsibilities of a pentester:

  1. Penetration tests (pentest):
  • external and internal penetration testing;
  • security analysis of web applications;
  • security analysis of wireless networks;
  • penetration testing using methods of sociotechnical engineering.
  1. Penetration tests according to the PCI DSS standard.
  2. Development of reports and recommendations according to testing results.
  3. Self-development and development of competencies of the department in the field of information security.

Main requirements:

  • High technical education in the field of information security.
  • Knowledge of administering * nix and Windows systems, web servers.
  • Knowledge of network protocols (TCP / IP), security technologies (802.1x), as well as the main vulnerabilities of network protocols (arp-spoofing, ntlm-relay).
  • Knowledge of web protocols and technologies (http, https, soap, ajax, json, rest …), as well as the main web vulnerabilities (OWASP Top 10).
  • Knowledge of the information security products market (manufacturers, suppliers, competitors, development trends, characteristics, needs and expectations of customers).
  • Understanding of information security technologies (WAF, VPN, VLAN, IPS / IDS, DLP, DPI, etc.).
  • Experience in nmap, sqlmap, dirb, wireshark, burp suite, Metasploit, Responder, Bloodhound programs.
  • Experience in Kali Linux OS.
  • Knowledge of OWASP, PCI-DSS methodologies.
  • Development experience (Python, PHP, Ruby, bash, Powershell, Java, C, Assembly).
  • Understanding the basics of reverse engineering.
  • Knowledge of English not lower than Intermediate level.

Will be a plus:

  • Experience in reverse engineering and malware analysis.
  • Experience in exploiting binary vulnerabilities.
  • Certificates CEH, OSCP, OSCE, etc.
  • Participation in professional competitions (CTF, hackathon, olympiads).
  • Participation in Bug Bounty programs.
  • Having own CVE.
  • Speech experience at professional conferences.

Tips from System Admins

In such job, nobody is interested in a technical genius-sociophobe. Usually, an outgoing person is required here, who can:

  • explain to the customer what he really wants and how it will look;
  • correctly present and protect own actions and recommendations in written and verbal form;
  • if case of success, create a “wow effect”;
  • in case of failure, create a “wow effect” (the minuses of the pentest are the pluses of information security);
  • be stress-resistant;
  • solve tasks on time even on cross-projects.
  • be in trend (oh, yes, to be in trend is a “must” for all IT professionals):
  • be constantly evolving.
  • read IT chats in a telegram, foreign blogs, news, track Twitter.
  • learn new tools, track changes in repositories.
  • attend conferences, create speeches by himself, write articles.
  • train new employees.
  • be certified.
  • do not burn out.