Skip to main content
4 answers
4
Updated 224 views Translate

Do security pentesters work steady hours or are they basically freelance?

(I want to be transparent right up front: I'm not a student. I'm a staff member at CareerVillage.org. But I'm posting this question because although we have many questions related to #cybersecurity, we don't have this one, and I think our students would love to know the answer.)

My question: Do professional pentesters* work steady 9-5 jobs for one company over a long period of time, or do they mostly freelance,** or do they have some other typical working arrangement? If the answer is "it depends", then could you share what you've seen as "the norm"?

I'd be especially appreciative if you'd share whether you have experience in the industry. Thank you in advance!

Notes for the students who will read this question:
* Pentesters are cybersecurity experts who focus on gaining access to systems , sometimes called "white-hat hackers".
** Freelancing is working as a contractor on an hourly or project-based basis, usually for hours, days, or months at a time for a "client" (a company that will pay you for your time). It differs from being an employee in a couple of ways, but that's a topic for a different CareerVillage question :)
#cybersecurity #it-security #security

+25 Karma if successful
From: You
To: Friend
Subject: Career question for you

4

4 answers


0
Updated Translate

Edmond’s Answer

Pentesting is definitely not a 9-5 job.
A pentester attempts to simulate a malicious attack and attackers (aka bad actors) don't work 9-5! Let's also remember that pentesting often involves physical pentesting, i.e. walking past a receptionist or entering a restricted area by piggybacking an authorized person, or breaking in backdoors, etc.

Melanie brings up a very good point regarding area of focus and the nature of the work involved. If the project/task is very specific, and the work has been contracted out to a large organization, then those could be done by staff that work 9-5. I would still argue that a pentester that has spent all day trying to break into a piece of software would have a really hard time stopping and leaving office at 5, and therefore losing the trail. If you're a freelance pentester, all bets are off.

Pentesting also involves a lot of administrative work, keeping accurate records and maintaining chains of custody when applicable, obtaining permissions and legal reviews, documenting the results, verifying the work of pentesters. Those tasks could potentially be a better fit for 9-5 schedule.
0
0
Updated Translate

Atul’s Answer

Most QA/Testing jobs in the cyber security are normal job hours.
However with the pandemic many employers are offering remote/flex hours.
So it is up to individuals employers to decide what to allow.
0
0
Updated Translate

Sarah’s Answer

Hi there! Coming as an almost graduated senior in Cyber Security, you will find both from my research! It all depends on how you choose to work. A lot of government jobs within Cyber Security are open as a Pen testing position. However, for a lot of cyber majors, this isn't always the option that they want. With freelance, you decide your own schedule and wages you are to receive for the job. This does mean that you need to build your own customer base. Meanwhile with getting into the career, you will work more given hours but you don't get as much freedom always with what days you work/how many in addition to your salary. I hope this helps!
0
0
Updated Translate

Melanie’s Answer

Becoming a Pentester can be a very exciting career choice, either as a dedicated Pentester in one or several different focus areas or on the side as a way to make some extra money. In my time working in and with cybersecurity companies and professionals, I have seen people with Pentesting experience and backgrounds and use their skills more on a contracting basis. They can work per project, per application, or use their skills for fun like in a Capture the Flag (CTF) or Bug Bounty (another way to earn side money). For the most part, depending on your focus area, someone who works full time in a Pentester capacity will work for a company that will ultimately contract you out, so as an employee of a managed security service provider. Companies that hire full time Pentesters are likely going to be your very large enterprises like Microsoft, but the job title or description you would be looking for won't specifically say "Pentester", but as a skill set that's what the job would entail.
0