How to land your first Penetration testing job
Pentesting (penetration testing) is a career unlike any other in a lot of ways. It will test your limits on an almost daily basis, spurring you on creatively and systematically as you test systems against a wide array of vulnerabilities and attacks. In this career, you will take on the role as an ethical hacker, hired to toughen security and harden systems within an organization. The job isn’t all action, however, as there is a massive documentation process that must be undertaken in parallel with all of this work.
What should you learn next?
Finding, testing and fixing these weaknesses must be accompanied by well documented, step-by-step guides, as well as thorough explanations. Tools used during the test must also be clearly defined and all of this information must be relayed to management.
But how do you get into such a specialized role, and how do you navigate the path towards this goal? In this article, we will take a look at a few tricks and tips to keep in mind when you are looking to land your dream job as a pentester.
What should I look for in a Pentesting job?
There is no one-size-fits-all solution to finding your dream pentesting job, primarily because each candidate will have their own skill level, personal preferences and salary expectations that need to be taken into consideration. More senior roles will have additional responsibilities and tasks that may be more suited to a candidate with the relevant experience, while more junior roles will concentrate on much of the day-to-day repetitive tasks that are often associated with the role.
So, what should you be looking for in a pentesting job? Below are some questions to ask when you are speaking with the interviewer. This will give you a good idea of what the position could be like, based on the answers that you receive.
- Who will you be working with? Working with a solid, knowledgeable team is highly beneficial to you, regardless of your skill level or experience. Ask how many people you will be working with, and what their positions are. Having access to people with high level skills can help you to move up to the next level in your career, so finding out about who you will be working with is something you should definitely find out about. It also makes you look like a team player with an interest in your role, which is always a good thing in an interview.
- What does the company do? It really helps if the company you decide to work for is in an industry you find interesting or exciting, even if the core product or service they deliver has no direct impact on your role as a pentester. This can help with motivation further down the line.
- What is the job description and scope? This is perhaps the biggest item to be aware of when you are trying to land the perfect pentesting job. Get as much detail as you can about your role, and find out what your key responsibilities are going to be. It will do neither yourself nor your employer any good if you accept a position that has core functions and responsibilities you are not comfortable taking on. That’s not to say taking on a challenging role is out of the question; a difficult job can teach you a lot, and the skills you pick up will be of great benefit to you. However, always remember to be honest and realistic in the interview.
- What are the working hours and after-hours support requirements? Your role as a pentester might require certain attacks or routines to be carried out at peculiar hours, especially if you have international target sites that are in a different time zone to you. Find out about this early on in the interviewing process to avoid disappointment.
- Are training and development resources available? Find out if the pentesting role offers any opportunities for further studying and skills development. The more you learn, the more marketable you become as a pentester for future employers.
Should I work with a technical recruiter?
Never go to a general employment recruitment agency. Rather look for specialized IT recruitment firms that have a better understanding of the role you are pursuing as a pentester. Once you have found the ideal recruiter to work with, make sure you follow some basic rules:
- Be more discerning: Resist the temptation to accept the first position that becomes available. You have a skillset that is in high demand, and the right employer will reward your patience.
- Brush up on your theory: Sometimes you will get a call from a recruitment agent and they will have some preliminary questions to ask before you even set foot in an interview. Make sure you are ready to answer general vetting questions like “what port number is X associated with?”
- Customize correspondence: Try not to use a template when dealing with recruiters. Always create an individualised response that shows that you have taken the time to consider your application.
- Showcase your skills and achievements: If you have specific skills you think would be beneficial to your application, then don’t be afraid to show them off. If you have had success in the past with projects and milestones, then mention those too.
- Make yourself available: Recruiters are usually dealing with multiple candidates at the same time, and not responding to an email or not answering your phone can sometimes be the difference between securing an interview and missing out on the opportunity altogether.
How can I make My Pentester resume/CV stand out?
This is one of the few areas of the job hunting process you may consider outsourcing to a third party, depending on your word processing prowess. There is no shame in getting a professional CV or resume typed up by a professional. If you are going to overhaul your CV yourself, then there are a few basics you should always take into consideration. Keep in mind this type of CV can be a bit more elaborate than your traditional CV. There are a lot of extra skills and competencies that need to be mentioned as pentesting is a highly specialized role.
Here are a few tips to get you started:
- Mention all relevant pentesting experience, highlighting only the most relevant information and skills you have relating to the field.
- Don’t just add lists of pentesting tools to your CV, it is lazy and it doesn’t tell the employer much detail about your skills. Don’t just mention tools like Wireshark, Burp and Aircrack on your CV. Instead, list your pentesting capabilities like wireless traffic testing, packet inspection and web testing. This lets the employer know what you can do for them in the role of pentester.
- Any certifications that relate to pentesting or cybersecurity in general must be highlighted and emphasised clearly as a potential employer will be looking for specific certs like your CEH (Certified Ethical Hacker) v9 or MCPS (Metasploit Certified Pro Specialist).
- If you have managed to build your own pentesting/security tools, then this is the place to mention them.
- Do you have any projects on Github? Include links for your potential employer to review.
- Do you have a website or blog? Are you a contributor on any pentesting platforms? These can show a potential employer that you have a keen interest, and would be a good fit with their company.
- Include references and letters of recommendation from past clients and employers, if you have any.
What is the typical Pentesting interview process like?
Each company is different, but the basic interview process usually takes place over two to three interviews, depending on the role you will be filling within the company. The first interview usually consists of a series of questions to help the interviewer gauge your level of knowledge and understanding of the pentesting role you are applying for. The first part of your interview will consist of typical questions that are designed to test your knowledge. These questions will vary in difficulty depending on the seniority of the role you are applying for.
Some basic example questions could include:
Q: What tools are used for analysing traffic on a network?
A: Packet sniffing utilities such as Wireshark are used for packet level analysis of network traffic.
Q: What are three basic precautions that protect against brute force attacks?
A: Automatic account lockout after a set number of login attempts, IP blocking via a script that detects a certain amount of failed login attempts and Firewall IP filtering to allow only trusted remote logins.
Q: What is the difference between a /23 and a /24 network?
A: A /23 network supports a maximum of 510 hosts and uses a subnet mask of 255.255.254.0, while a /24 network supports a maximum of 254 hosts and uses a subnet mask of 255.255.255.0. The /n refers to the number of network bits, and the number of subnets vary depending on the network class (A, B or C).
Will the interview include a practical assessment?
After you have answered some questions, the interview might require some hands-on pentesting simulations or exercises. This is because the nature of pentesting roles and the fact these positions require practical knowledge of how to execute real-world operations.
Additional interview considerations
Other than knowing the facts about networking principles, candidates are also usually expected to describe and explain verbally or in written form how a specific attack could take place to a non-technical person. This is an important skill, as pentesting requires excellent communication skills as well as the ability to explain complex concepts in plain language to non-technical executives or managers.
The interviewer might also want to see how you compile an incident report, or a vulnerability assessment, after the practical assessment has been completed to evaluate your written communication skills. They will likely also want to see a step-by-step report on how you achieved your results.
FREE role-guided training plans
Conclusion
Pursuing a career in cybersecurity is a lifetime of learning and skills development. Getting to the level of pentester will often require knowledge on many fronts, including programming, database administration, network security, forensics, scripting and a whole host of specific skills. More information about becoming a pentester can be found here, as well as a list of related helpful training courses from Infosec Institute.
In this Series
- How to land your first Penetration testing job
- Intelligence-led pentesting and the evolution of Red Team operations
- Red Teaming: Taking advantage of Certify to attack AD networks
- How ethical hacking and pentesting is changing in 2022
- Ransomware penetration testing: Verifying your ransomware readiness
- Red Teaming: Main tools for wireless penetration tests
- Fundamentals of IoT firmware reverse engineering
- Red Teaming: Top tools and gadgets for physical assessments
- Red teaming: Initial access and foothold
- Top tools for red teaming
- What is penetration testing, anyway?
- Red Teaming: Persistence Techniques
- Red Teaming: Credential dumping techniques
- Top 6 bug bounty programs for cybersecurity professionals
- Tunneling and port forwarding tools used during red teaming assessments
- SigintOS: Signal Intelligence via a single graphical interface
- Top tools for mobile android assessments
- Top tools for mobile iOS assessments
- Red Team: C2 frameworks for pentesting
- Inside 1,602 pentests: Common vulnerabilities, findings and fixes
- Red teaming tutorial: Active directory pentesting approach and tools
- Red Team tutorial: A walkthrough on memory injection techniques
- Python for active defense: Monitoring
- Python for active defense: Network
- Python for active defense: Decoys
- How to write a port scanner in Python in 5 minutes: Example and walkthrough
- Using Python for MITRE ATT&CK and data encrypted for impact
- Explore Python for MITRE ATT&CK exfiltration and non-application layer protocol
- Explore Python for MITRE ATT&CK command-and-control
- Explore Python for MITRE ATT&CK email collection and clipboard data
- Explore Python for MITRE ATT&CK lateral movement and remote services
- Explore Python for MITRE ATT&CK account and directory discovery
- Explore Python for MITRE ATT&CK credential access and network sniffing
- Top 10 security tools for bug bounty hunters
- Kali Linux: Top 5 tools for password attacks
- Kali Linux: Top 5 tools for post exploitation
- Kali Linux: Top 5 tools for database security assessments
- Kali Linux: Top 5 tools for information gathering
- Kali Linux: Top 5 tools for sniffing and spoofing
- Kali Linux: Top 8 tools for wireless attacks
- Kali Linux: Top 5 tools for penetration testing reporting
- Kali Linux overview: 14 uses for digital forensics and pentesting
- Top 19 Kali Linux tools for vulnerability assessments
- Explore Python for MITRE ATT&CK persistence
- Explore Python for MITRE ATT&CK defense evasion
- Explore Python for MITRE ATT&CK privilege escalation
- Explore Python for MITRE ATT&CK initial access
- Top 18 tools for vulnerability exploitation in Kali Linux
- Explore Python for MITRE PRE-ATT&CK, network scanning and Scapy
- Kali Linux: Top 5 tools for social engineering
- Basic snort rules syntax and usage [updated 2021]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Penetration testing
Intelligence-led pentesting and the evolution of Red Team operations
Penetration testing
Red Teaming: Taking advantage of Certify to attack AD networks
Penetration testing
Penetration testing
Ransomware penetration testing: Verifying your ransomware readiness