Penetration Testing Expert duties and responsibilities -:
Operate a hands-on role involving penetration testing and vulnerability assessment
activities of complex applications, operating systems, wired and wireless networks, and
mobile applications/devices
Develop and maintain security testing plans
Automate penetration and other security testing on networks, systems, and applications
Develop meaningful metrics to reflect the true posture of the environment allowing the
organization to make educated decisions based on risk
Produce actionable, threat-based, reports on security testing results
Act as a source of direction, training, and guidance for less experienced staff
Mentor and coach other IT security staff to provide guidance and expertise in their
growth
Consult with application developers, systems administrators, and management to
demonstrate security testing results, explain the threat presented by the results, and
consult on remediation
Communicate security issues to a wide variety of internal and external “customers” to
include technical teams, executives, risk groups, vendors, and regulators
Deliver the annual penetration testing schedule and conducting awareness campaigns to
ensure proper budgeting by business lines for annual tests
Foster and maintain relationships with key stakeholders and business partners
Penetration Testing Expert requirements and qualifications –
Previous working experience as a Penetration Testing Expert for (x) year(s)
BA in Computer Information Systems, Management Information Systems, or similarrelevant field
In-depth knowledge of application development processes and at least one
programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
Hands-on experience with testing frameworks such as the PTES and OWASP
Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X,
VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Critical thinker and problem solver
Excellent organizational and time management skills