Job profile - pentester

Pentester

The pentester, also known as an intrusion tester or penetration tester, identifies computer flaws to prevent cyber attacks.

Role of the pentester

Also known as an "ethical hacker", the pentester ensures the computer security of networks and applications by simulating malicious attacks. These cybersecurity professionals put themselves in the shoes of a hacker to identify and exploit vulnerabilities in computer systems.

They use sophisticated techniques to access sensitive company data and identify weaknesses. Once the flaws have been discovered, the pentester analyses the criticality of the vulnerabilities and draws up a detailed report containing recommendations for strengthening security.

Pentester tasks

Most frequent tasks

  • They carry out penetration tests to identify security flaws in IT systems.
  • They simulate malicious attacks to assess the vulnerability of network systems, applications and servers.
  • As part of these tests, they carry out vulnerability scans to detect potential flaws before exploiting them.
  • They write detailed reports on the vulnerabilities found and propose corrective solutions.
  • They advise companies on best security practices to strengthen system protection.

Security audits and analyses

In addition to penetration tests, pentesters carry out 3 types of security audits to assess a company's information systems.

  • Source code audits: this involves examining the code of an application to detect security flaws.
  • Architecture audits: this involves checking the resistance of the information system to various threats.
  • Configuration audits: this involves comparing network equipment configurations with official reference systems to identify compliance deviations.

Key contacts

  • Cyber security consultant
  • IT Security Engineer
  • Infrastructure manager
  • Chief Technical Officer (CTO)
  • Back-end developer
  • Cloud architect
  • Cisco network engineer
  • DevOps Engineer

Pentester skills

Technical skills

The pentester has a thorough understanding of IT security and the architecture of systems and networks, cryptography, coding systems and security audits. In addition to these basic skills, they know how to program in Python, C/C++, Java and PHP to carry out intrusion tests. On a day-to-day basis, they use the Linux operating system and Kali Linux. They also have in-depth knowledge of operating systems, networks and protocols, and are proficient in intrusion testing tools such as Metasploit.

Note: Pentesters must be able to code in a variety of languages (Python, C, Go, Ruby, Lua, assembler, Perl), as they may be required to write their own programmes.

Soft skills

Curiosity and the ability to put yourself in the shoes of a hacker are major assets for a pentester. To this end, they take part in events such as "Capture the Flag" and "La Nuit du Hack". These are conferences, live events and workshops organised for the hacker community.

In addition, they have analytical skills, a critical mind and attention to detail. They are patient, hard-working and rigorous. Despite a natural penchant for solitude, the pentester must enjoy teamwork and have a taste for a challenge.

Pentester education and training

To become a pentester, you need the equivalent of 3 to 5 years' higher education in IT or information systems security. For example, you could start with a computer science degree (BUT Informatique), followed by a professional degree in computer science with a specialisation in systems and network administration and security. After that, you can go on to an engineering degree or a master's in IT with a specialisation in cybersecurity.

In addition to academic training, certifications are often required to attest to the pentester's technical skills. The Anglo-Saxon certifications Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or Certified Information Systems Security Professional (CISSP) are the most widely recognised in this field.

Career prospects

With experience, a pentester can progress to positions such as information systems security manager (ISSM) or cybersecurity consultant. They may continue their careers in management positions within an IT security team.

By specialising, a pentester can become an intrusion manager or focus on specific systems, such as industrial systems. Other pentesters choose to set up their own IT security consultancy.

Working environment

In the course of their work, pentesters come into contact with companies of all sizes and from a wide range of sectors. Part of their work involves investigating the company's businesses and understanding their methodologies in order to better identify the vulnerabilities in each sector. They may work in-house, on a freelance basis or for specialist consultancies, often from home.

Pentester salaries

  • Junior: €2900 to €3300 gross per month
  • Senior: €3700 to €4500 gross per month

Salaries vary according to the candidate's experience, reputation and the size of the company.