Job Description: Penetration tester (white hat hacker)

News by SC Jobs

As a penetration tester, you will be responsible for evaluating the security of an organisation's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie.

Simulated attacks on networks, firewalls, operating systems and web applications are at the heart of the job. Being able to identify those weaknesses and report on the findings is the next step. Because the role involves dealing with a range of internal and external clients, it is important that anyone in it is as comfortable with the technical aspects as with communicating them. A penetration tester can also be known as a white-hat hacker or an ethical hacker.

The day-to-day

  • Plan the penetration test

  • Select, design and create appropriate tools for testing

  • Perform the penetration test on computer systems, networks, web-based and mobile applications

  • Document your methodologies

  • Gather intelligence not only from the output of the automated penetration tools but also from information gathered at earlier stages, to identify vulnerabilities that the tools may not see

  • Review your findings and feed back to clients

  • Analyse the outcomes and make recommendations for security improvements

Key responsibilities

    • Carry out application, network, systems and infrastructure penetration tests

    • Review physical security and perform social engineering tests where appropriate

    • Evaluate and select from a range of penetration testing tools

    • Keep up to date with the latest testing and ethical hacking methods

    • Deploy the testing methodology and collect data

    • Report on findings to a range of stakeholders

    • Make suggestions for security improvements

    • Enhance existing methodology material

    Key skills

    • Good understanding of network protocols

    • Solid technical skills in both information security architecture and penetration testing

    • Ability to assess testing tools and deploy the right ones

    • Project planning skills

    • A solid understanding of ethical hacking

    • Scripting and programming experience is beneficial

    • Ability to explain findings to non-technical professionals

    • Excellent report writing and presentation skills

    • Customer-facing skills and a proven track record of building client relationships

    • Able to work independently but also as part of a team

    • Flexibility to change direction and manage conflicting demands

    • Outstanding organisational and data analytics skills

    • Comfortable working in a fast-paced environment


    • Certified Register of Ethical Security Testers (CREST)

    • Cyber-security certifications (CHECK, CTM, CTL, CREST, TIGER, OSCP)

    • A degree in computer security, computer science or equivalent

    • Recognised security testing certifications (GIAC, CEH)

    Relevant experience

    • Penetration testing experience of systems, web-based applications and networks.

    • Solid knowledge and experience of using a variety of penetration testing or threat modelling tools including open source and commercial mapping

    • Experience of threat reporting and assessing vulnerabilities

    • Some consulting experience is advantageous with a proven ability to understand and meet client needs, build relationships and develop a positive dialogue

    • Adept at explaining technical jargon to non-technical parties

    • Scripting skills and reverse engineering experience are desirable

    • Past experience of using problem-solving techniques and developing solutions to meet vulnerability threats


    Typical contracted hours will be Monday to Friday 9am – 5pm. However, there may be a requirement to work longer hours or at the weekend, according to demand.


    Salary will depend upon location, experience and sector. A typical salary band is £45,000 - £65,000. Some of the bigger companies will offer more, together with an attractive benefits package.

    Career opportunities

    After three to four years as a penetration tester, it is possible to move onto roles such as:
