Penetration Tester Job Description Sample

Updated on March 16, 2018


If you are someone who likes performing challenging work with a little spice in it, you will enjoy working as a penetration tester.

Imagine being paid to hack systems and never getting apprehended for it! A penetration tester does just that – ethical hacking. Sounds funny? Indeed! But that is the beauty of this job.

If you are an information technology expert who is not interested in standard coding and network management, this may be the right career for you.

So what does a penetration tester do?

He or she is responsible for checking a company’s system or applications to determine security flaws. He or she will attempt to break into the system as hackers would do and then provide feedback to the company’s information technology team on how a system can be secured against threats. The work is interesting if your technical expertise is right and you are interested in challenging work.


As a penetration tester, you may be required to possess a degree in information technology. Some companies may even hire you if you have a high school diploma but possess the knack for penetration testing, as the work is mostly about skills.

So if you were cheeky enough to hack into your friend’s email account as a teenager, just for kicks, this career path might interest you!

Penetration Tester Job Description Sample

• Develop and implement tools to analyze or deduce weaknesses and system flaws
• Work on existing mechanisms to determine system loopholes and document all evidence
• Attempt to break into systems and applications to determine weaknesses
• Perform vulnerability assessments using tools such as Metasploit, Nmap and Burp Suite
• Develop automated scripts to replicate vulnerability validation and penetration tests
• Devise plans to implement various types of penetration tests
• Extend and modify exploits, shellcode and exploit tools
• Reverse engineering malware and data obfuscators and handle source code reviews for control flow purposes
• Provide technical risk assessment of technologies in networks and applications
• Perform, review and analyze security vulnerability data to identify false positives
• Research and develop testing tools and process improvements
• Explain, present and demonstrate the operational impact of vulnerabilities and ensure that each process is appropriately documented
• Assist users in implementing policies and tactics for conducting assessments
• Use social engineering and penetration testing procedures for vulnerability identification
• Conduct mission review meetings and ensure that all vulnerability findings and analysis are presented to information technology teams
• Identify solutions to system risks and ensure that they are correctly implemented
• Maintain and update knowledge of cyber threat terminology, methodologies and incident and response

Published in Category: IT