Penetration testers assist businesses in identifying and resolving security vulnerabilities affecting their web applications and networks. As a pen tester, you will take on the role of a professional, ethical hacker hired to strengthen an organization’s cybersecurity.
Penetration testers simulate cyber attacks and other security breaches aimed at gaining access to sensitive information. In addition, certified ethical hackers typically use off-the-shelf hacking tools and tactics to supplement their own methodology.
Ethical hacking jobs also involve a significant documentation process that runs alongside all of the penetration testing. For example, a certified ethical hacker documents their actions during a simulated cyber attack to produce thorough reports describing how they succeeded in bypassing established security controls and to what extent.
You may be wondering how to get a job as a penetration tester and how to navigate the path towards a career in red team pentesting.
In this guide, we will provide advice on how to become a pentester and supply some reasonable estimations on an entry-level penetration tester’s salary. We’ll also provide some tips on getting hired for junior penetration tester jobs.
1. Take courses, earn certifications, and become a Certified Ethical Hacker
To get an entry-level job, it is recommended to earn notable certifications related to pentesting and cybersecurity. Certifications such as CEH (Certified Ethical Hacker) and OSCP (Offensive Security Certified Professional) can be earned by taking courses offered by the certification vendors. These security certifications are in high demand, and hiring managers will look for them in your CV. Therefore, emphasizing these certifications on your CV will be important in attracting attention from potential employers.
2. Participate in vulnerability disclosure programs and bug bounties
Vulnerability disclosure programs (VDP) permit security researchers to report security vulnerabilities to companies. VDPs also assist companies in mitigating security hazards by permitting the disclosure and remediation of vulnerabilities prior to malicious exploitation.
Participating in vulnerability disclosure programs and including them on your CV shows that you have the ability to report potential security vulnerabilities to organizations in a formalized and responsible way.
Earning certifications alone may not be enough to get hired for an entry-level job, since hiring managers will also be looking for work experience.
Participating in bug bounties and writing mitigation reports shows that you know how to perform vulnerability assessments and how to provide solutions that fix the security vulnerabilities you find. These kinds of experiences on your CV will attract potential employers to contact you for job interviews.
3. Create a website or a blog with a focus on information security
Most people, including security researchers, do not have a website or blog showcasing their expertise and passion. So to stand out from other job candidates, you have to do something different.
Websites and blogs can show hiring managers that you have a genuine interest in what you do and that you aren’t only in it for the money.
Managing to keep your website or blog up-to-date is another bonus that will surely display your dedication to the security field.
4. In your resume/CV, include a list of pentesting tools you use and list your ethical hacking capabilities
Employers will check the penetration testing tools listed in your resume or CV as part of their own checklist. In addition, you’ll likely be asked which tools you use and specifically what they did for you in your bug bounties. Hence, it is best to be prepared for this type of question in job interviews.
Penetration testing interview questions can range from “What is the most challenging thing you’ve experienced?” to “What is privilege escalation?”
It would also be a good idea to list your ethical hacking capabilities, such as web application security assessments, wireless network pentesting, packet inspections, and phishing.
Keep in mind that you do not want to merely “list” your capabilities; you’ll want to describe them in detail on your resume or CV. Simply listing your tools and capabilities is lazy and does not really show what you can do.
When you can demonstrate your value both verbally and in writing, that is when you really grab the attention of the employer. An outstanding job candidate is a brilliant salesperson who can convince others that they are better than they actually are.
5. Mention any security tools you’ve created and any projects on GitHub
Let’s face it: No one likes a script kiddie. A script kiddie is essentially a person who only uses scripts or programs developed by skilled individuals. The majority of script kiddies do not have the ability to create complex exploits or scripts independently.
Hence, it is highly recommended to mention the security tools you’ve coded and the GitHub projects you’ve been involved in on your resume or CV. This is important because it shows that you know how to use off-the-shelf hacking tools professionally and how to take your own ideas and turn them into reality. Notably, it illustrates that you can make concrete contributions to the cybersecurity community.
You will want to be better than your competitors at all costs, including the script kiddies.
6. Try to get references and letters of recommendation from past clients and employers
If it is possible, contact past clients and employers for references and letters of recommendation. You’ll want to include them on your resume or CV. Such references and letters of recommendation show potential employers that you can be trusted and are a true professional.
More importantly, the references will indicate that you know how to communicate and make genuine lasting connections. Thus, the professional endorsement will benefit you in the long term.
7. Search for jobs on websites and take notes
If you are looking for job opportunities, consider searching for entry-level penetration testing jobs online.
Cybersecurity job listings normally indicate what you are going to be responsible for. Take advantage of this and brainstorm all potential solutions. In addition, you’ll likely want to prepare notes for your upcoming interviews.
Pay attention to what the employer is seeking and take notes on their requirements and expectations of you. Also, research the company and obtain an overview of the organization from its employees, including the Human Resources (HR) person you initially talk to during your first interview, who can give you some information about the employer’s company.
Note that the initial HR individual differs from the hiring manager you may encounter during a second or third interview.
8. Research job salary expectations
One of the questions you will be asked in your interview is your salary expectations for the job. So, naturally, you will want to have already researched the average salary of the job.
Pentesting jobs come in many flavors. Jobs can be split into various subcategories, such as network security engineers, social engineering specialists, and web application security researchers. These jobs can all have different average salaries, depending on where you live.
Hence, you’ll want to research the salaries for different entry-level jobs and what salaries are reasonable for a novice ethical hacker. Refrain from asking for six-figure salaries if you don’t have a lot of experience already. The last thing you want to do is embarrass yourself by asking for an unreasonably high salary when you are just starting out.
9. Prepare for job interviews and various questions
Experience and education alone aren’t enough these days. You’ll need to practice how to sell yourself.
Job candidates have to put in their best possible efforts to secure the jobs they desire most. In such a scenario, you’ll want to focus on practicing your verbal presentation. Your ability to speak confidently and calmly will grant you an advantage in job interviews with hiring managers.
Companies hire employees to find solutions to their security issues. Thus, be prepared to explain solutions to the employers concisely.
Generally, candidates are worried about answering technical questions incorrectly in technical interviews. Such technical interviews usually occur during the second interview with the employer. Based on our own experience, we often found that simpler questions posed more of a challenge than technical questions.
Simpler questions include “Tell me a little about yourself. What do you do?”, “What kind of impact have you made?” and “What is the most challenging thing you’ve faced?”. Your answers should be genuine and concise.
Technical questions are less surprising since they ask for specific answers, whereas general questions can be answered from a broader perspective. There can be many valid answers to a general question asked by the technical interviewer. It is unreasonable to expect to answer every technical question correctly, since no individual is perfect. One candidate may answer every technical question correctly, but that doesn’t necessarily prove they are technically better than another candidate who got quite a few questions wrong.
You could get asked a technical question such as “What is a SQL injection?” In such a scenario, you will also want to provide an example with your answer. Ideally, you’ll want to explain how you discovered and mitigated a SQL injection or other vulnerability in one of your bug bounties.
You should be able to explain how you are going to achieve certain objectives and make the employer’s company more secure.
Many candidates only expect technical questions to be asked in the technical interview, but they are caught off guard when the interviewer starts asking general questions. So expect the unexpected.
The key takeaway from this section is that just because it’s a technical interview doesn’t mean the technical interviewer won’t ask you about other things that have happened in your life.
10. Subscribe to Vulnerability Disclosure Mailing Lists
As a security researcher, it is important to keep up-to-date with the latest announced vulnerabilities. You should always be analyzing and grading the severity of vulnerabilities. It’s vital to think of the possible mitigations for such vulnerabilities. Practice will make you a better security researcher.
By subscribing to vulnerability disclosure mailing lists, you are increasing your awareness of cybersecurity and keeping up-to-date on the latest vulnerabilities that haven’t been patched yet by the vendors.
11. Master the OWASP Top 10 & MITRE ATT&CK
If you want to be a security researcher, you ought to obtain a comprehensive understanding of the Open Web Application Security Project (OWASP) Top 10 list and MITRE ATT&CK™ framework.
The OWASP Top 10 is an online document maintained on OWASP’s website that ranks the ten most critical web application security risks and describes remediation tactics for each.
The OWASP Top 10 list is updated every 2 to 3 years in line with developments and changes in the application security market. The report is based on a consensus among security professionals from around the globe. Thus, it is important to stay current with the OWASP Top 10 list.
MITRE ATT&CK™ stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK™ framework is a knowledge base and model of cyber adversarial tactics and techniques based on real-world observations.
Notably, the tactics and techniques presented in the model provide a common taxonomy of individual cyber adversary actions understood by both the offensive and defensive sides of cybersecurity. Furthermore, the framework provides a suitable level of categorization for adversarial actions and specific means of defending against them.
Chances are, you’ll be asked questions related to the OWASP Top 10 and MITRE ATT&CK in your interviews with potential employers. You’ll also be expected to keep up-to-date with the list and the framework in your profession.
12. Prepare a list of questions to ask the HR employees
In any tech interview, you will probably be invited to ask questions. This is something you do not want to skip: if you don’t have any questions for HR, you will likely not be taken seriously.
Not having any questions shows a lack of interest in the company and its culture. On the other hand, having too many questions could indicate that you did not research the job and the company.
13. Keep applying for jobs
The reality is that you will not get hired for every job you’ve applied for, no matter what your qualifications and experience are. So you must keep applying for jobs you believe you qualify for.
You could be the best candidate for the jobs you’ve applied for, but not everyone will agree with that. Some employers will not even open your resume or CV, but other employers will open them. Everybody has different personalities and standards. No one is the same.
You might think that you’ve passed all of the interviews, but someone else could ultimately still get the dream job. Life is unpredictable.
Hence, it is imperative not to just focus on that one job you really want. Instead, focus on wanting many jobs. This way, you’ll have a higher success rate when it comes to getting your job applications viewed fully.
Penetration tester’s salary
You are probably wondering about the salary for a penetration tester. We’ve already mentioned that there are different kinds of entry-level positions and the salaries will generally differ based on where you live.
Nonetheless, the starting salaries for entry-level jobs are often fairly high. This is due to the fact that penetration testers play a significant role in maintaining the persistent security of an organization’s IT system. Consequently, their skills are considerably sought-after.
According to PayScale, the average salary for a penetration tester is $86,241, and the range of pay for penetration testers is $59,000 to $137,000.