IT Penetration Tester
The role of a penetration tester is essentially to simulate cyber attacks on an organisation's IT infrastructure and then report the relevant security flaws in terms of networks, firewalls and infrastructure to the client.
An IT Penetration Tester can work across multiple platforms but can choose to specialise in a particular type of system, such as:
- Windows, Mac or Linux
- IoT (Internet of Things)
- Embedded computer systems
- Supervisory control and data acquisition systems (SCADA)
The role can either be in-house, or freelance, but some on-site work is fundamental as system security is the essence of the role. You will most likely work for a consultancy who specialises in this type of work and has different external clients across different sectors of business and industry.
What the job involves:
- Carrying out analysis of computer systems and networks
- Becoming familiar with complex system and cyber security terminologies threats
- Carrying out remote testing to simulate an attack on a network or infrastructure
- Create multifaceted methods of penetration, using coding, scripts and tests
- Carry out a threat and risk analysis of what a effect a cyber attack will have on the business
- Compile a detailed report on your findings, conclusions and recommendations, for both technical and non-technical personnel within the client organisation
- Advise on remedies and counter-measures to defend and neutralise threats to networks
On average, salaries for those entering the industry are in excess of €30,000 and sometimes considerably more, with experience they will rise sizeably to well over €40k and senior operators in this sector can be very well remunerated with salaries in excess of €80,000. Freelance or contract testers in this field can earn between €300 and €500 per day approximately.
To be a successful IT Penetration Tester you will need to have:
- Advanced and specialised knowledge of IT systems and networks and how they operate
- Excellent written, spoken and collaborative communication skills
- Meticulous attention to detail and thorough in all work practises.
- Ability to create detailed and complex reports and explain them to technical and non-technical audiences.
- Create reports and recommendations from your findings and plan out strategies for clients to be prepared for any future risks and threats.
This role is applicable to almost all areas of business and industry, across both public and private sector and good testers can work on a full-time, freelance or contract basis.
Some employers that you could work for as an IT Penetration Tester include:
- Financial services institutions
- Consulting firms
- IT firms and support services
- Government agencies
- Universities and colleges
- Manufacturing companies
- Pharmaceutical and biopharmaceutical firms
- Public sector organisations
To work in this industry you will need a bachelor's degree in an IT related subject, preferably computer science, with the following degree subjects particularly appropriate:
- Computer Science
- Cyber Security
- Forensic Computing
- Computing and information systems
- Network management
- Computer systems engineering
IT Penetration Testing is an advanced position but some firms do have graduate positions available for those with the right background, skills and competencies. Building on your degree you will need some postgraduate study or related training to hone you skills in this area. Some qualifications and certifications which are offered in this area include:
- EC-Council Certified Ethical Hacker (CEH)
- Advanced Ethical Hacking
- CompTIA A+ Certification
- CompTIA Network+ Certification
- CompTIA Security+
These certifications and qualifications are primarily offered by private training providers but Griffith College offer a Masters in Network and Information Security. This Level 9 qualification in Network and Information Security aims to equip students with the necessary skills to pursue an interesting career in this specialist area. UCD also offer a Masters in Digital Investigation and Forensic Computing.