The most important questions first: what does a penetration tester (junior to senior) earn, and what career opportunities do you have?
Penetration testers usually work for medium-sized companies (from around 300 employees), corporations or governments. IT structures can be tested either as an employee within a corporation or as a service provider for one.
Working as a service provider is more demanding and more varied, as you are always testing and seeing new structures across all sectors.
You start as a junior penetration tester, where you only provide support or only carry out smaller tests. With professional experience (usually after 3 years of work), you specialize in a field as a penetration tester.
A distinction is often made between two main disciplines: Network and Web Application Penetration Testing. After another 3 years of experience, i.e. 6 years in total, the last specialization follows: either in the direction of social engineering, in-depth study in the form of industry specialization (e.g. Siemens control penetration tester or SAP penetration tester), or in the direction of team leadership with leadership skills. But here are the promised salary prospects:
| | Junior Penetration Tester | Professional Penetration Tester | Senior Penetration Tester |
|---|---|---|---|
| Work experience | 1-3 years | 3-6 years | > 6 years |
| Salary range | 37.000 € - 44.000 € | 52.400 € - 59.400 € | 61.100 € - 67.400 € |
| Average salary | 42.800 € | 56.600 € | 63.200 € |
This table shows the average income in Germany. At ProSec, these figures are higher overall.
Certified penetration testers, or professional ethical hackers, are now found throughout Germany, from Hamburg and Berlin through Frankfurt to Munich, as part of cyber security.
Pentesters are independent security analysts who, commissioned by the company, examine IT for security vulnerabilities or security weaknesses. As a penetration tester, the goal is to use exploits against these security gaps and to prove them with "proofs of concept". The IT security analyst, on the other hand, only points out such security gaps without finally verifying them.
In a security test, realistic attack scenarios are carried out in order to test and penetrate or evade network security and gain access, e.g. via the operating system, software system or web applications. In addition to known security weaknesses, IT security analysis (security testing) also looks for unknown security gaps, so-called zero-day vulnerabilities, in order to identify them early and report them to the application developers.
Complete and structured documentation is essential for a pentester to enable application security.
There are no legal requirements. However, it is advisable to have at least an apprenticeship as an IT specialist with a focus on application development or system integration, as well as 3 years of professional experience. With a degree in computer science (not business informatics or something similar!) you also need at least 3 years of professional experience, but you can usually move up the seniority levels faster; however, this is not guaranteed and depends on performance.
We have created the first training recognized throughout Germany to train all three seniority levels (junior, professional and senior) in a targeted manner. Of course, this is done in cooperation with the IHK Academy. If you want to find out more about this training, we're happy to help, just give us a call.