Penetration Tester

Anonymous

Documents

Individual state requirements may vary. Please contact your local apprenticeship office to ensure this version is suitable to your state’s requirements.

Work Process Schedule

Work Process Content

On the Job Training

Anonymous

Skills

Research (Information Gathering)

Collect stakeholder data to evaluate risk and to develop mitigation strategies.
Understands and follows proper protocols in handling of sensitive data.
Understands tools and settings/safety protocols prior to running on production testing. Includes 3rd party systems.
Defines out-of-scope items and best leveraging of cloud technologies
Gather cyber intelligence to identify vulnerabilities.
Identify new threat tactics, techniques, or procedures used by cyber threat actors.
Keep up with new penetration testing tools and methods.
Maintain up-to-date knowledge of hacking trends
Stay informed about current developments in field of specialization.
Examine records or other types of data to investigate criminal activities.
Search files, databases or reference materials to obtain needed information.
Prepare scientific or technical reports or presentations.

Analyze & Evaluate (Vulnerability Analysis & Threat Modeling)

Identify security system weaknesses using penetration tests.
Test the security of systems by attempting to gain access to networks, web-based applications, or computers.

Testing & Assessment

Conduct network and security system assessments using reconnaissance tools such as nmap, DirBuster, etc.
Discuss security solutions with information technology teams or management.
Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
Make recommendations to update corporate policies to improve cyber security.
Analyze security of systems, network, or data.
Analyze risks to minimize losses or damages.
Interpret design or operational test results.

Reporting: Written & Verbal Presentations

Document penetration test findings.
Prepare and submit reports describing the results of security fixes.
Write audit reports to communicate technical and procedural findings and recommend solutions.
Prepare analytical, operational, or technical reports/presentations.
Discuss design or technical features of products or services with technical personnel.

Solutions Development

Advise or recommend ways to configure information systems to incorporate principles of least functionality and least access.
Provide recommendations on the design of security solutions to address known device vulnerabilities.
Develop and execute tests that simulate the techniques of known cyber threat actors.
Develop infiltration tests that exploit device vulnerabilities.
Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
Develop testing routines or procedures.

Potential Employer Specific Knowledge/Skills/Abilities (KSA)

Understanding networking and network authentication protocols and systems such as LDAP/Kerberos/NTLMv2/LLMNR and other Active Directory Services
Advanced knowledge of internal network architecture, boundaries, zones, cloud environments
Cloud specific knowledge of Accounts/projects, users, IAM, Kubernetes, serverless compute, storage.

Related Instruction Outline

Penetration Tester

Work Process Content

Related Instruction Content

Similar Programs