Penetration Testers
15-1299.04
15-1299.04
A subset of this occupation's profile is available. Data collection is currently underway to populate other parts of the profile.
Evaluate network system security by conducting simulated internal and external cyberattacks using adversary tools and techniques. Attempt to breach and exploit critical systems and gain access to sensitive information to assess system security.
Occupation-Specific Information
Tasks
-
Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
-
Collect stakeholder data to evaluate risk and to develop mitigation strategies.
-
Conduct network and security system audits, using established criteria.
-
Configure information systems to incorporate principles of least functionality and least access.
-
Design security solutions to address known device vulnerabilities.
-
Develop and execute tests that simulate the techniques of known cyber threat actors.
-
Develop infiltration tests that exploit device vulnerabilities.
-
Develop presentations on threat intelligence.
-
Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
-
Discuss security solutions with information technology teams or management.
-
Document penetration test findings.
-
Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
-
Gather cyber intelligence to identify vulnerabilities.
-
Identify new threat tactics, techniques, or procedures used by cyber threat actors.
-
Identify security system weaknesses, using penetration tests.
-
Investigate security incidents, using computer forensics, network forensics, root cause analysis, or malware analysis.
-
Keep up with new penetration testing tools and methods.
-
Maintain up-to-date knowledge of hacking trends.
-
Prepare and submit reports describing the results of security fixes.
-
Test the security of systems by attempting to gain access to networks, Web-based applications, or computers.
-
Update corporate policies to improve cyber security.
-
Write audit reports to communicate technical and procedural findings and recommend solutions.
Technology Skills
-
Application server software — Docker
; GitHub ; Kubernetes -
Cloud-based management software — Google Cloud software
-
Cloud-based protection or security software — Qualys Cloud Platform
-
Compiler and decompiler software — Hex-Rays IDA Pro; Vector 35 Binary Ninja
-
Computer aided design CAD software — Ghidra
-
Configuration management software — IBM Terraform
-
Data base management system software — Database management systems
-
Data base user interface and query software — Amazon Web Services AWS software
; Microsoft SQL Server ; ServiceNow ; Structured query language SQL -
Development environment software — Go ; Microsoft PowerShell ; Oracle Java 2 Platform Enterprise Edition J2EE ; Ruby ; 8 more
-
Enterprise resource planning ERP software — Management information systems MIS
-
Enterprise system management software — Splunk Enterprise
-
Expert system software — Ansible software
-
Internet directory services software — Microsoft Active Directory
-
Network monitoring software — IBM QRadar SIEM; Wireshark
-
Network security and virtual private network VPN equipment software — Firewall software
-
-
Office suite software — Microsoft Office software
-
-
Program testing software — Kali Linux ; MITRE ATT&CK software ; System testing software
-
Spreadsheet software — Microsoft Excel
-
Transaction security and virus protection software — Invicti Acunetix; Metasploit ; Rapid7 software ; Tenable Nessus ; 4 more
-
Transaction server software — IBM Middleware; Web server software
-
Web platform development software — JavaScript ; Microsoft Active Server Pages ASP ; PHP ; RESTful API; 1 more
Hot Technologies are requirements most frequently included across all employer job postings.
In Demand skills are frequently included in employer job postings for this occupation.
Occupational Requirements
Detailed Work Activities
-
Develop testing routines or procedures.
-
Analyze security of systems, network, or data.
-
Prepare scientific or technical reports or presentations.
-
Stay informed about current developments in field of specialization.
-
Analyze risks to minimize losses or damages.
-
Develop computer or information security policies or procedures.
-
Develop computer or information systems.
-
Develop organizational policies or programs.
-
Discuss design or technical features of products or services with technical personnel.
-
Evaluate characteristics of equipment or systems.
-
Examine records or other types of data to investigate criminal activities.
-
Interpret design or operational test results.
-
Investigate illegal or suspicious activities.
-
Prepare analytical reports.
-
Prepare technical or operational reports.
-
Search files, databases or reference materials to obtain needed information.
-
Test computer system operations to ensure proper functioning.
-
Test performance of electrical, electronic, mechanical, or integrated systems or equipment.
Experience Requirements
Job Zone
- Title
- Job Zone Four: Considerable Preparation Needed
- Education
- Most of these occupations require a four-year bachelor's degree, but some do not.
- Related Experience
- A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.
- Job Training
- Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.
- Job Zone Examples
- Many of these occupations involve coordinating, supervising, managing, or training others. Examples include real estate brokers, sales managers, database administrators, graphic designers, conservation scientists, art directors, and cost estimators.
- SVP Range
- (7.0 to < 8.0)
Training & Credentials
- State training
- Local training
- Certifications
Apprenticeship Opportunities
Example apprenticeship titles for this occupation:
- Hardware Hacker
- Penetration Tester
Specific title(s) listed above are vetted by industry and approved by the U.S. Department of Labor for use in a Registered Apprenticeship Program.
Start your career and build your skillset. Visit Apprenticeship.gov
external site to learn about opportunities related to this occupation.
Worker Characteristics
Interests
Interest code: ICR
Want to discover your interests? Take the O*NET Interest Profiler at My Next Move.
-
Investigative — Work involves studying and researching non-living objects, living organisms, disease or other forms of impairment, or human behavior. Investigative occupations are often associated with physical, life, medical, or social sciences, and can be found in the fields of humanities, mathematics/statistics, information technology, or health care service.
-
Conventional — Work involves following procedures and regulations to organize information or data, typically in a business setting. Conventional occupations are often associated with office work, accounting, mathematics/statistics, information technology, finance, or human resources.
-
Realistic — Work involves designing, building, or repairing of equipment, materials, or structures, engaging in physical activity, or working outdoors. Realistic occupations are often associated with engineering, mechanics and electronics, construction, woodworking, transportation, machine operation, agriculture, animal services, physical or manual labor, athletics, or protective services.
Workforce Characteristics
Wages & Employment Trends
Median wage data for Computer Occupations, All Other.
Employment data for Computer Occupations, All Other.
Industry data for Computer Occupations, All Other.
- Median wages (2024)
- $52.39 hourly, $108,970 annual
- State wages
- Local wages
- Employment (2023)
- 470,900 employees
- Projected growth (2023-2033)
- Much faster than average (9% or higher)
- Projected job openings (2023-2033)
- 34,800
- State trends
- Top industries (2023)
Source: Bureau of Labor Statistics 2024 wage data external site and 2023-2033 employment projections external site. “Projected growth” represents the estimated change in total employment over the projections period (2023-2033). “Projected job openings” represent openings due to growth and replacement.
Job Openings on the Web
- State job openings
- Local job openings
More Information
Related Occupations
- 15-1299.07 Blockchain Engineers
Bright Outlook
- 15-1231.00 Computer Network Support Specialists
- 15-1211.00 Computer Systems Analysts
- 15-1299.08 Computer Systems Engineers/Architects
- 15-1242.00 Database Administrators
- 15-1212.00 Information Security Analysts
- 15-1299.05 Information Security Engineers
- 15-1252.00 Software Developers
- 15-1253.00 Software Quality Assurance Analysts and Testers
- 17-2112.02 Validation Engineers
Professional Associations
Disclaimer: Sources are listed to provide additional information on related jobs, specialties, and/or industries. Links to non-DOL Internet sites are provided for your convenience and do not constitute an endorsement.
O*NET Ally
Actively assisted with the O*NET data collection, helping to identify occupational experts who can be surveyed about their work in the occupation.
National Associations
- ASIS International external site
- Association for Computing Machinery external site
- Cybersecurity Collaborative external site
- Digital Forensics Association external site
- Federation of Security Professionals external site
- High Technology Crime Investigation Association external site
- IEEE Computer Society external site
- Information Systems Security Association International external site
- InfraGard external site
- International Association for Cryptologic Research external site
- International Association of IT Asset Managers external site
- International Association of Privacy Professionals external site
- International Association of Professional Security Consultants external site
- Internet Society external site
- ISACA external site
- National Cybersecurity Alliance external site
- Network Professional Association external site
- North American Network Operators' Group external site
- Open Worldwide Application Security Project external site
- Security Industry Association external site
- Society for Information Management external site
- Society for Innovation, Technology, and Modernisation external site
Regional Associations
- Midwest Cyber Security Alliance external site
- Northeast Regional Computing Program external site
- Southwest CyberSec Forum external site
Accreditation, Certification, & Unions