Penetration tester salary


Some people aim for the most glamorous or coolest job in their field, and for many in information security that job is penetration tester. Much like in an action movie in the vein of “Mission Impossible,” you’ll get to hack into computer systems, but for a legitimate purpose.

The question then remains: how much can you expect to earn as a pentester? This article covers how much you can make, which factors affect your salary, and tips to boost it if you are hungry to earn more.

What is a penetration tester?

For those still wondering what a penetration tester is, I’ve got you covered. Pentesters use ethical hacking, general hacking knowledge and other information security skills to test computers, networks and other IT systems for vulnerabilities that attackers could exploit. After finding these vulnerabilities, they simulate real-life cyberattacks with a variety of tools and methods. Simply put, pentesters get paid to hack legally, with the goal of improving organizational information security.

To better understand what this role does, below is a list of common pentester responsibilities:

  • Performing formal penetration tests on networks, computer systems and Web applications
  • Performing physical security assessments on systems, servers and network devices
  • Probing for vulnerabilities in a variety of applications including fat/thin client, Web and standard applications
  • Designing and creating new penetration tests and tools

Required education

Organizations generally require pentesters to have at least a Bachelor of Science degree in computer science, computer information systems, information technology or a related field. Some organizations require specialized education (if they use Linux or Unix, for example) and certifications before they will hand over the reins of their pentesting role to you.

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding.