Minimum Criteria:
- At least 2 years of proven experience in Penetration Testing
- Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
- Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
- Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating systems and their common flaws.
- Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
- Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
- Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. - Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
Holds relevant industry certification/s or equivalent like the following:
• CEH Certified Ethical Hacker
• OSCP Offensive Security Certified Professional
• GPEN GIAC Penetration Tester
• PNPT Practical Network Penetration Tester
• Burp Suite Certified Practitioner
• eWAPT/eWAPTx eLearning Web Application Penetration Tester
• Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.