Overview
Simulates cyberattacks on computer systems, networks, and applications to identify security weaknesses before malicious hackers do. Requires deep technical knowledge and an understanding of attacker methodologies.
Responsibilities
- Conduct authorized simulated attacks to find vulnerabilities
- Document findings
- Report vulnerabilities
- Recommend remediation
- Stay updated on attack vectors
Required Skills
- Network protocols
- Operating systems (Windows/Linux/macOS)
- Web application security (OWASP Top 10)
- Scripting (Python, Ruby)
- Pentesting tools (Metasploit, Burp Suite, Nmap)
- Exploit basics
- Report writing
Salary Expectations
$80,000 - $140,000+ USD
Relevant Certifications
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Enterprise Defender (GCED)
- Certified Ethical Hacker (CEH)
- EC-Council Certified Security Analyst (ECSA)
- Licensed Penetration Tester (LPT)
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Exploitation Expert (OSEE)
- Hack The Box Certified Penetration Tester (HTB CPT)
- Hack The Box Certified Bug Bounty Hunter (HTB CBBH)
Common Career Pathway
Requires experience as a Security Analyst, SysAdmin, or Network Engineer. A deep technical understanding is needed.
Learning Roadmap
Strong IT/Network base -> Security+ -> OWASP -> Pentesting Tools -> Labs (HTB, THM) -> Specialize -> CEH/PenTest+/OSCP.