Penetration Testers

A subset of this occupation's profile is available. Data collection is currently underway to populate other parts of the profile.

Evaluate network system security by conducting simulated internal and external cyberattacks using adversary tools and techniques. Attempt to breach and exploit critical systems and gain access to sensitive information to assess system security.

Occupation-Specific Information

Tasks

  • Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
  • Collect stakeholder data to evaluate risk and to develop mitigation strategies.
  • Conduct network and security system audits, using established criteria.
  • Configure information systems to incorporate principles of least functionality and least access.
  • Design security solutions to address known device vulnerabilities.
  • Develop and execute tests that simulate the techniques of known cyber threat actors.
  • Develop infiltration tests that exploit device vulnerabilities.
  • Develop presentations on threat intelligence.
  • Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
  • Discuss security solutions with information technology teams or management.
  • Document penetration test findings.
  • Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
  • Gather cyber intelligence to identify vulnerabilities.
  • Identify new threat tactics, techniques, or procedures used by cyber threat actors.
  • Identify security system weaknesses, using penetration tests.
  • Investigate security incidents, using computer forensics, network forensics, root cause analysis, or malware analysis.
  • Keep up with new penetration testing tools and methods.
  • Maintain up-to-date knowledge of hacking trends.
  • Prepare and submit reports describing the results of security fixes.
  • Test the security of systems by attempting to gain access to networks, Web-based applications, or computers.
  • Update corporate policies to improve cyber security.
  • Write audit reports to communicate technical and procedural findings and recommend solutions.

back to top

Technology Skills

  • Data base user interface and query software — Amazon Web Services AWS software In-Demand Hot technology ; Structured query language SQL In-Demand Hot technology
  • Development environment software — Go In-Demand Hot technology ; Microsoft PowerShell In-Demand Hot technology ; Oracle Java 2 Platform Enterprise Edition J2EE In-Demand Hot technology ; Ruby In-Demand Hot technology ; 3 more
  • Internet directory services software — Microsoft Active Directory In-Demand Hot technology
  • Network monitoring software — IBM QRadar SIEM In Demand
  • Network security and virtual private network VPN equipment software — Firewall software In Demand
  • Object or component oriented development software — C# In-Demand Hot technology ; Objective C In-Demand Hot technology ; Oracle Java In-Demand Hot technology ; Perl In-Demand Hot technology ; 2 more
  • Operating system software — Bash In-Demand Hot technology ; Linux In-Demand Hot technology ; Shell script In-Demand Hot technology ; UNIX In-Demand Hot technology
  • Program testing software — Kali Linux In Demand
  • Transaction security and virus protection software — Metasploit In Demand ; Nmap In Demand ; Portswigger BurP Suite In Demand ; Tenable Nessus In Demand
  • Web platform development software — JavaScript In-Demand Hot technology ; Microsoft Active Server Pages ASP In-Demand Hot technology
Hot technology
Hot Technologies are requirements most frequently included across all employer job postings.
In demand
In Demand skills are frequently included in employer job postings for this occupation.

back to top

Occupational Requirements

Detailed Work Activities

back to top

Experience Requirements

Job Zone

Title
Job Zone Four: Considerable Preparation Needed
Education
Most of these occupations require a four-year bachelor's degree, but some do not.
Related Experience
A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.
Job Training
Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.
Job Zone Examples
Many of these occupations involve coordinating, supervising, managing, or training others. Examples include real estate brokers, sales managers, database administrators, graphic designers, conservation scientists, art directors, and cost estimators.
SVP Range
2-4 years of preparation (7.0 to < 8.0)

back to top

Training & Credentials

State training
Local training
Certifications
Apprenticeships
Have a career path or location in mind? Visit Apprenticeship.gov external site to find apprenticeship opportunities near you.

back to top

Workforce Characteristics

Wages & Employment Trends

Median wage data for Computer Occupations, All Other.
Employment data for Computer Occupations, All Other.
Industry data for Computer Occupations, All Other.
Median wages (2021)
$45.80 hourly, $95,270 annual
State wages
Local wages
Employment (2021)
408,200 employees
Projected growth (2021-2031)
Faster than average (8% to 10%)
Projected job openings (2021-2031)
34,700
State trends
Top industries (2021)

Source: Bureau of Labor Statistics 2021 wage data external site and 2021-2031 employment projections external site. “Projected growth” represents the estimated change in total employment over the projections period (2021-2031). “Projected job openings” represent openings due to growth and replacement.

back to top

Job Openings on the Web

State job openings
Local job openings

back to top

More Information

back to top

Sources of Additional Information

Disclaimer: Sources are listed to provide additional information on related jobs, specialties, and/or industries. Links to non-DOL Internet sites are provided for your convenience and do not constitute an endorsement.

back to top