This intrusion expert is the ethical hacker of companies, who ensures computer security by attacking existing vulnerabilities.
Education level: Bac +3
Employability: Very good
Starting salary: €3,000
Confirmed salary: €5,000
ROME Code: M1802
DPF code: M2Z
1. The position in a nutshell
3. Responsibility of the cybersecurity administrator
6. In which sector to work?
7. How do I access the profession?
The position in a nutshell
This IT security professional tests networks by performing controlled penetration tests to identify security vulnerabilities. It thus offers alert levels that allow teams to define cybersecurity strategies and solutions.
Equivalent title: Technical security auditor, technical expert in security audit, IT auditor, expert in intrusion tests
The role of a pentester is to ensure the security of the entire architecture of a computer system. Its main missions focus on three key areas.
- Have a global vision of the IS audited
- Perform security audits in accordance with the regulations of each IT environment tested
- Perform configuration audits, i.e. collect and analyze equipment configuration items
- Carry out architecture audits, by collecting and processing data from the architecture of an IS
- Conduct code audits by reviewing component source code
- Launch intrusion tests, i.e. attacks defined by well-thought-out scenarios for each target environment
Management of technical checks
- Present the detected vulnerabilities to the teams and organize them according to the degree of importance, defined according to their impacts
- Analyze vulnerabilities and identify their causes in educational reports
- Recommend appropriate solutions or strategies to fill the detected flaws
- Work with IT teams to facilitate the application of recommendations
- Submit security and compliance level dashboards
- Carry out a permanent watch to be at the forefront of attack scenarios, threats and failures by environment
- Stay alert to new test contexts to improve strategies
- Develop audit tools
- Innovate on IS flaw detection solutions.
Our advice: Having a PASSI certification, Information systems security audit service provider, is an asset to move towards this profession of expert in intrusion tests.
Responsibility of the pentester
His role is important within a company or an organization, because the pentester knows all the ways to penetrate a computer system. Only he does it to improve it, not to divert it. Often subject to a confidentiality agreement, his work is a major challenge for the structures that give him access to all their vulnerabilities. He may therefore also be called upon to carry out awareness-raising or prevention missions to improve the knowledge of his team.
A pentester must show great rigor and an ever more advanced technique. This requires some essential skills to effectively practice this profession.
Technique is as important as theory in this position. Experience continues to improve the approaches of the penetration testing expert. He must :
- master the security of operating systems, networks and protocols;
- know the norms and standards of the environments for its audits;
- know how to carry out various intrusion missions, with a good knowledge of the techniques and possible flaws;
- be competent in reverse engineering;
- have legal skills in IT law, IS security and personal data protection;
- have skills in software development and programming language;
- be fluent in English.
The pentester is a key position for a company, which must be able to trust him completely. There are certain qualities to possess:
- sense of ethics;
- curiosity and audacity;
- pedagogy and diplomacy;
- confidentiality and integrity;
- The ability to work in a team.
If the pentester works for a big box, for example in the United States, where the sector is known to be more paid, his salary differs greatly from a contract in France. That said, this penetration testing expert can consider an average salary starting at €3,000. With experience, the average salary exceeds €5,000 per month. This can go up to €8,800, for example.
In which sector to work?
The profession of pentester is in great demand by companies because it represents a significant asset and security for their operations. The public, industrial or banking sector will be looking for these experts. Where to work as a pentester?
Description of the profession in the ANSSI directory
This profession is developing within organizations that have a SOC-type structure.
How to get into the job of Pentester?
To become a pentester, you must first of all justify a good level in computer science. This can range from a bachelor's degree with a specialization in computer science to a master's degree in cybersecurity.
Bachelor Cybersecurity specialist
The perfect path for the technical professions of cybersecurity. At your entrance, select your specialty (IT - IT or Industrial - OT) and start the adventure! Gateways exist for people who have already validated training related to the world of cyber or wrongly judged "distant" from the world of cyber
Master Cybersecurity manager
This 2-year program allows you to master the basic skills necessary for the position of cybersecurity manager and promote your professional integration. Its cost of €15,000 excluding tax per year is fully covered by our partner companies. CSB.SCHOOL is authorized to train and organize the assessment of the level 7 professional title "Expert in Information Systems" registered with the RNCP under number 17285
The complete career guide
Condimentum lacinia quis vel eros donec ac odio. Nibh cras pulvinar mattis nunc sed blandit libero volutpat. Facilisis gravida neque convallis a cras semper auctor neque vitae.
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.