Profession ethical hacker

Ethical hackers perform security vulnerability assessments and penetration tests in accordance with industry-accepted methods and protocols. They analyse systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses.

Personality Type

  • Conventional / Investigative

Knowledge

  • Computer forensics

    The process of examining and recovering digital data from sources for legal evidence and crime investigation.

  • Software anomalies

    Deviations from what is standard, and exceptional events, during software system performance; identification of incidents that can alter the flow and process of system execution.

  • Tools for ICT test automation

    The specialised software to execute or control tests and compare predicted testing outputs with actual testing results, such as Selenium, QTP and LoadRunner.

  • Penetration testing tool

    The specialised ICT tools which test security weaknesses of the system for potentially unauthorised access to system information, such as Metasploit, Burp Suite and WebInspect.

  • Legal requirements of ICT products

    The international regulations related to the development and use of ICT products.

  • Web application security threats

    The attacks, vectors and emergent threats against websites, web applications and web services, and the rankings of their severity identified by dedicated communities such as OWASP.

  • Cyber attack counter-measures

    The strategies, techniques and tools that can be used to detect and avert malicious attacks against organisations' information systems, infrastructures or networks.

Skills

  • Perform security vulnerability assessments

    Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols to identify and analyse potential vulnerabilities.

  • Address problems critically

    Identify the strengths and weaknesses of various abstract, rational concepts, such as issues, opinions, and approaches related to a specific problematic situation in order to formulate solutions and alternative methods of tackling the situation.

  • Identify ICT system weaknesses

    Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks.

  • Develop code exploits

    Create and test software exploits in a controlled environment to uncover and check system bugs or vulnerabilities.

  • Identify ICT security risks

    Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

  • Provide technical documentation

    Prepare documentation for existing and upcoming products or services, describing their functionality and composition in such a way that it is understandable for a wide audience without technical background and compliant with defined requirements and standards. Keep documentation up to date.

  • Execute ICT audits

    Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

  • Analyse the context of an organisation

    Study the external and internal environment of an organisation by identifying its strengths and weaknesses in order to provide a base for company strategies and further planning.

  • Execute software tests

    Perform tests to ensure that a software product will perform flawlessly under the specified customer requirements, using specialised software tools. Apply software testing techniques and tools in order to identify software defects (bugs) and malfunctions.

  • Monitor system performance

    Measure system reliability and performance before, during and after component integration and during system operation and maintenance. Select and use performance monitoring tools and techniques, such as special software.

Optional knowledge and skills

  • WhiteHat Sentinel
  • Information confidentiality
  • Hybrid model
  • Cyber security
  • Open source model
  • ICT network security risks
  • ICT security standards
  • Levels of software testing
  • Organisational resilience
  • Internet governance
  • Information security strategy
  • Solve ICT system problems
  • Maintain ICT server
  • Perform project management
  • Manage IT security compliances
  • Nexpose
  • Outsourcing model
  • Proxy servers
  • Internet of things
  • Nessus
  • SaaS model
  • ICT encryption
  • Service-oriented modelling
  • ICT security legislation
  • Define security policies

Common job titles

  • Penetration tester
  • Cyber security architect
  • Penetration tester for mobile devices
  • Network security analyst - Panama shift
  • Security researcher – vulnerability analysis
  • Mid-level penetration tester
  • Information systems security specialist, junior
  • Cyber security engineer - penetration tester - 2004519
  • Penetration tester - DC
  • Information security analyst - TS/SCI req'd