The Penetration Tester Job Interview
A penetration or pen tester is the person hired to assess the strength of a system’s security. Utilised in security audits, integral to conducting risk assessments and divided between white box and black box software testing; penetration testing is designed to root out all vulnerabilities in a business’s applications, systems and networks.
With a typical salary of around £55,000 on average, according to Indeed.co.uk, jobs in penetration testing will vary from business to business but they may very well resemble something like the following format.
This is the type of job where show is better than tell so don’t be surprised if your interviewer kick things off with a practical skill assessment. Something like assessing a web application would involve your analysis of the functionality of a web form and testing your knowledge of source code or you may be tested on your ability to work with a debugger. Either way, your best plan of attack is to do your research into a few possible scenarios where pen testing is required and understand what your response should be. Securitytube videos are a useful resource.
While the need for technical prowess is undoubtedly high in penetration tester jobs, so too is the art of communication, both spoken and written. Your interviewer may request to see an example of your written skills during the interview, perhaps via a summary of the steps involved in your practical assessment. If you can show that you can put your thoughts and ideas to paper clearly and coherently this will go a long way to impressing your potential employer. Report writing is a key part of the work of a penetration tester, as you explain vulnerabilities, attack vectors, business impact and recommendations to resolve the weakness to both the business and its customers and stakeholders in a way they can make sense of. It would be wise to root out some examples of pen testing reports to get a clearer understanding of what is involved.
Revealing your own blog at this point in the interview may also be worthwhile, and a question of such may arise at some point in the interview. Demonstrating not only your passion to your chosen line of work but also your written ability to convey technical information in a way that is engaging and relatable to relevant third parties will reassure your interviewer of your commitment and credibility to the role.
You may also be asked to perform a scripting challenge which is designed to test your fluency with coding languages. Whichever one you are most familiar with, C, C++, C#, Python, Ruby, Java or other, this challenge will assess your skill and experience as well as evaluate your creativity when it comes to problem solving.
Use your interview to demonstrate as much of your skillset as possible and embrace the practical opportunities to showcase how you would be an asset to the business as part of their cyber security defence team.
For examples of questions your interviewer may ask, have a read of our Interview Questions for a Pen Tester article.