The job as a penetration tester

Penetration testers usually work for medium-sized companies (with approx. 300 employees), corporations, or governments. IT structures can be tested either as an employee within a company or as a service provider for them. As a service provider, there is greater demand and more diversity, as you are constantly testing and seeing new structures – across all industries.

With professional experience, starting as a junior penetration tester, you only work in a supporting role or only carry out smaller tests. Later you specialize as a penetration tester, usually after 3 years of work in the field.

A distinction is often made between two major disciplines: Network and Web Application Penetration Testing. After another 3 years of experience, i.e. 6, the last specialization follows – either in the direction of social engineering, specialization in the form of the branch (e.g. Siemens control penetration tester or SAP penetration tester), or in the direction of team management with leadership skills. But here are the promised salary prospects:

Certified penetration testers or ethical professional hackers are now represented throughout Germany as part of cyber security from Hamburg, Berlin, Frankfurt to Munich.

Pentesters are independent security analysts who examine IT for security vulnerabilities or security weaknesses after commissioning the company. As a penetration tester, the goal is to exploit these security gaps by means of exploits and to prove them with “proof of concepts”. The IT security analyst, on the other hand, only indicates such security gaps without checking them.

In security control, realistic attack scenarios are implemented in order to ensure network security, e.g. via the operating system, software system or web applications (web application security) to test and to penetrate / bypass (gaining access). In addition to known security weaknesses, the IT security analysis (security testing) also searches for unknown security vulnerabilities, so-called zero-day vulnerabilities, in order to identify them at an early stage and to report them to the application developers.

The complete and structured documentation is essential for a pentester in order to enable application security.

There are no legal requirements. However, it is advisable to have at least one training as an IT specialist with a focus on application development or system integration, as well as 3 years of professional experience. With a degree in computer science (not business informatics or similar!) You also need at least 3 years of professional experience, but then you can usually advance faster in the senior class; however, this is not a guarantee, it is performance-dependent.

We have created the first recognized further training throughout Germany to train all three seniorities (junior, professional and senior) in a targeted manner. This is of course done in cooperation with the IHK Academy. If you want to find out more about this training, we are here for you, just give us a call.