Penetration Tester (general)

Evaluates the security of a computer system or network by simulating an attack from malicious outsiders and / or malicious insiders to identify attack vectors, vulnerabilities and control weaknesses. Ability to use a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities, along with expertise to identify specific weaknesses – unknown vulnerabilities - in an organisation’s security arrangements.

The penetration testing process involves an active manual analysis of the target system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.  This analysis is typically carried out from the position of a potential attacker and normally involves active exploitation of security vulnerabilities.