Choosing A Penetration Testing Job

There are many different types of jobs that penetration testers can take. Each has its pros and cons, with each offering a different testing environment and day-to-day workload for the tester. Different jobs may also lead to different targets and responsibilities. All of this is important to consider when choosing your path for what style of penetration testing you want to do. There is no one-size-fits-all solution, and each job fits a different person.

In-house Penetration Tester

In-house penetration testers work for a single company and focus entirely on the scope of that organization. These testers can perform many different types of tests and are typically part of a large team with multiple areas of expertise. This has the great advantage of opening up several different opportunities that may align with many different skill sets. Typically, organizations look for well-rounded individuals who can collaborate with the defensive team on engagements.

In general, this type of tester is going to work for large companies. These companies can be in many different industries, though some popular ones are tech, finance, and healthcare. In-house teams will often be large and part of a bigger overall cybersecurity department. Because of this, testers must communicate with a wide variety of individuals. Both high-level and low-level discussions will be a regular part of the job.

A very common role in this style of job is internal red teaming. This involves a lot of work with Active Directory, social engineering, and general red teaming practices. Depending on the company and the scope, this can cover a lot of ground, ranging from just about every style of software and network testing to physical penetration testing and assisting with remediations. Red teamers are ideally skilled generalists with high levels of experience in Active Directory and social engineering campaigns, and with great communication skills.

Another commonly seen position covers in-house application security testing. This work focuses on ensuring that products built by the development team are secure before being released to the market. The scope of this testing will usually be very narrow for each engagement, typically a single application or even a single part of an application. Testers pursuing this type of work should have a solid understanding of web application testing methodologies and standards, such as the OWASP Top 10, and of binary application testing methodologies.


Penetration Testing Contractors

Not every company can justify having a full team in-house for penetration testing. When this is the case, they will typically go to an outside vendor to meet their penetration testing needs. This is where contractors come in. Penetration testing contractors work for a contracting company that hires out penetration testers for clients as needed. In most cases, penetration testers doing this type of work will be working with a new client every week.

Penetration testing contractors can do just about any type of testing, depending on what the client needs. Contracting companies will often have team members who specialize in different areas of cybersecurity and match the client with the tester who best fits their needs. This type of specialization has the great advantage of allowing testers to dive in on a specific area and become exceptionally skilled at that type of testing.

Contractors are often exposed to a wider variety of products and tests than internal testers, which can give the work a fresher feel than in-house testing. Contract testing will also often have a more restrictive scope: the test is usually focused on a specific network or application and does not deviate from that. This is not always the case, however. Passion for this kind of deep-dive testing and strong client communication skills will help you succeed in this job.

Bug Bounty Hunters

Bug bounty hunters work on applications whose developers have opened them up to security research by the public. Web applications make up the vast majority of what is in scope, though not all of it. Other targets can include mobile applications, APIs, and binaries. Some programs may open up to other types of testing, but this is not typical. Most bug bounty programs stick with application testing.

Bug bounty hunters must be extremely competitive, as they compete against other security researchers to find bugs first. This can make bug bounty hunting difficult but very rewarding when successful. By nature of the work, bug bounty hunting offers far more freedom than other penetration testing jobs, at the cost of stability and guaranteed income. Bug bounty hunters should hone their skills in application testing and report writing to the highest level.
