Looking for a job as a penetration tester? If so, this article is for you. Searching for a job is a process which can sometimes be a lengthy one as it involves drawing on skills you have developed over time. You can successfully find a job as a penetration tester, but it will take a reasonable investment of time and energy.
In the present article, we aim to give you practical advice to help you professionally set yourself up for your first job pursuit as a pentester.
Resume Tips and Example:
“A resume is a document that sums up your skills, experiences, and accomplishments so a potential employer can quickly see whether you are a good fit for a position. Before you start applying for jobs or internships, you’ll need to write a resume. »
Everyone can use a little help with their resume, especially if they’re pursuing a career in a highly technical field. These are a few tips that can help you optimize your resume as a penetration tester:
- If you have previous professional experience as a pentester, it is very important that you list it on your resume. Unless you have signed a Non-Disclosure Agreement (NDA), you should put the company name, positions you’ve held and your different responsibilities.
- Include all IT certifications you have earned: CEH, OSCP, CPT, etc. These are valuable for recruiters and will help you establish credibility. We will be covering this particular point in details below.
- Mention your important participations in CTF (Capture the flag) competitions and Hackathons.
- Include your own open source security software tools you have developed.
- Include code contributions in open source security projects (preferably your Github).
- You can also list the Hall of Fames you have received on platforms (HackerOne, Bugcrowd, etc.) where you have submitted valid security issues. One such example can be if I have to build a CV of my own, I would include my listing in Facebook Hall of Fame.
- Mention the token of thanks received for helping in improving the security of some organization.
- Include your presence as speaker in security conferences and the topic you covered (DefCon, Blackhat, NullCon, etc.)
- Include your security research, technical papers or blog posts you have written in the past years.
It is also crucial to pay attention for typos and grammatical mistakes in your resumes which will give a wrong image about you especially that you will be required to write long technical reports in the future. Briefly, your resume should highlight what you have done and accomplished. That is what employers are looking to understand, so keep it short and simple.
You can inspire from this LinkedIn resume which is a very good example of detailed pentester resume, but not necessarily the perfect sample.
A job interview is a one-on-one interview consisting of a conversation between a job applicant and a representative of an employer which is conducted to assess whether the applicant should be hired.
Like any other job interview, you should expect a few classical questions like self-presentation, previous professional experience, education, etc. Most of the questions will surely be inspired from your inputs on the resume which is the reason why it is highly important not to lie about anything on your resume.
In a non-traditional interview, you might be given a vulnerable application to pentest or a code to audit, and then you will be asked to write a short technical report. This is a practical way to assess applicant’s skills and make sure resume reflects the reality.
When preparing for an interview you should review the penetration testing methodologies, practice in your pentesting lab and think about the questions the interviewer may ask you. These questions might be technical ones which will vary based on the position you have applied for (Network pentester, web application pentester, etc.). Below is an example of questions you are likely to encounter during the interview:
- What are your first steps when securing a Linux server/ Windows server?
- Why is DNS monitoring important?
- What port does ping work over?
- Do you prefer filtered ports or closed ports on your firewall?
- How exactly does traceroute/tracert work at the protocol level?
- What are Linux strengths and weaknesses vs. Windows?
- Are open-source projects more or less secure than proprietary ones?
- How do you change your DNS settings in Linux/Windows?
- What’s the difference between encoding, encryption, and hashing?
- How often do you use Wireshark or Nmap?
Ethical Hacking Training – Resources (InfoSec)
- What is OWASP? What are its top 10 vulnerabilities?
- What is XSS ? its different types? Existing defenses against it?
- What are the different pentesting methodologies? Which one do you prefer?
- How do you approach a pentesting target?
- Give us examples of existing WAF solutions?
- What are bug bounty programs? Do you think it will replace traditional pentesting?
- Do you do any scripting?
- What is the difference between asymmetric and symmetric encryption?
- How the implementation of CORS can be misconfigured?
- What are the main tools you frequently use while pentesting?
Information Security Certifications:
Certifications are considered to be a plus on your resume and, under some circumstances, may guarantee your expertise. They can be good for testing your skills especially if you self-study and if you do not have a degree and relevant work experience, they may still allow you to be considered for a job interview.
When you are willing to apply for a certification exam, you should focus on certifications which are security related and are highly recognized. These certifications must demonstrate your skills at vulnerability assessment, exploitation and post exploitation, risk assessment, and reporting.
Below is a brief list of globally recognized information security certifications:
- OSCP – Offensive Security Certified Professional: it is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the BackTrack (now succeeded by Kali Linux) Penetration Testing Distribution. This cert is more practice-oriented, and it’s very valuable for recruiters.
- Certified Ethical Hacker (CEH) is a qualification obtained in assessing the security of computer systems, using penetration testing techniques. CEH exam is offered by EC-Council, and it is heavily theory based.
- GIAC Penetration Tester (GPEN) claims to be the most ‘methodical pentesting course’ that trains the student to seek and destroy security vulnerabilities within weak configurations, unpatched systems, and/or inherited legacy botched architectures. GCPT is one of the most recognized penetration testing certifications. Not quite as daunting as the OSCP, but a challenging certification nonetheless.
- CPTC (Certified Penetration Testing Consultant) and CPTE (Certified Penetration Testing Engineer): Taking each of these certifications in order: CPTE and CPTC are very similar – but the CPTC is slightly more geared towards the business end of penetration testing. Mile2 offer both of these security certifications.
- Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)². CISSP is also a globally recognized certification in the field of IT security.
Penetration testers hold a bachelor degree in Computer Science and/or a Master’s degree or Ph.D. in Computer Security. However, that does not mean all pentesters have majored in information security. You must understand that university will only provide you with fundamentals that will help you start the learning process. Information security is not an exact science because it is continuously evolving which requires constant learning.
University degree is certainly worth it, and it will stand out on your resume, but it is not a requirement for you to get a job. I know a lot of pentesters who got started on their own by self-studying and taking advantage of the valuable resources available online for free. For this particular reason, certifications can be a good thing to establish credibility and prove your expertise.
In this regard, Infosec Institute also provides a variety of different security courses and training for individuals and groups.
Briefly, the beauty of information security is that there are a lot of job opportunities, and there are not any strict requirements regarding education for being an Information Security Professional, everyone who respectable efforts in it can succeed.