IN NEW ZEALAND
Defend your digital future
The demand for ethical white hat hackers has never been higher and the skills of Penetration Testers are highly sought after in New Zealand today. Organisations of all shapes and sizes are looking for pen testers like you to help reduce their vulnerabilities against cybercrime.
Do you have a natural instinct to push the boundaries? Looking to join the fight to protect our systems? Let us get you there.
Find my next penetration tester job in New Zealand
We can support you every step of the way to realise your potential. Our network of New Zealand’s top employers means we have roles you can get excited about and the expertise to support you to secure them.
Find your nearest office to get in touch with us, send us your CV or browse our latest available Penetration Tester jobs.
Insights & Inspiration
Your penetration tester job questions, answered
Where can I find Penetration Tester jobs in New Zealand?
What does a Penetration Tester do?
What skills does a Penetration Tester need to have?
To be successful as a Penetration Tester, it is imperative that you have exceptional knowledge of computer systems, applications and networks. Experience in penetrating and exploiting systems is essential, with the ability to present feedback effectively an exceptional complementary skill.
Penetration Testers need to think like criminal hackers but must also go beyond the use of automated tools to find flaws in the security systems.
Proficiency with respect to command line-based tools is often looked at as a benchmark for Penetration Testers. Expertise with scripts, DOS Batch and a wide range of operating systems are necessary. A Pen Tester can save an organisation both money and heartache by being able to identify and rectify any issues before they develop into significant problems.
It is not enough to only identify project needs. A good Penetration Tester can articulate findings and security concerns in an effective manner. Attention to detail and effective problem-solving skills allow for this to be achieved but it is excellent communication skills which underline the potential impact of an issue.
Being able to present this information effectively to key stakeholders can determine how quickly a matter is dealt with. Successfully prioritising will help ensure that organisational goals are met.
What are a Penetration Tester’s job description and responsibilities?
- Work through the Penetration Testing stages (planning, scanning, gaining access, maintaining access, analysis and WAF configuration)
- Plan and gather as much as information and intelligence as possible to conduct testing and exploit security protocols
- Perform a scanning checklist to understand how computer systems will respond to cyber attacks
- Use web applications to start an attack and expose flaws
- Maintain access and determine how long system breaches can be sustained for without being detected
- Analyse and present findings of simulated cyber-attacks, identifying breaches, the level of risk associated with them and recommendations to rectify issues being detected
- Maintain excellent working relationships with key stakeholders
What skills and experience are employers looking for from Penetration Testers?
A great attention to detail is an important skill required to be a successful Penetration Tester. It is essential for the Penetration Tester to understand the requirements of the test and the limitations or the boundaries of what can be exploited; but it is the way findings are communicated that employers have highlighted as decisive. They prefer people who can provide detailed analysis in the form of a report and make specific reference to the level of risk associated with the breaches.
The Penetration Tester will identify the weaknesses of a computer system and exploit them, but they must also work with technology service owners to find solutions to those problems. With an increased reliance on technology, it is becoming critical for organisations to protect themselves against potential attacks. Penetration Testers need to think like criminal hackers and that means staying on top of trends and developments within this space.
Organisations will be relying on the findings from the Pen Test to make key decisions. It is the responsibility of the Penetration Tester to provide a report that clearly outlines the security breaches achieved and the potential solutions that can be implemented protect the organisation from internal and external breaches.
A strong understanding of information technology is expected including operating and network systems. A Penetration Tester should have extensive knowledge on how to conduct a variety of penetration tests including: network penetration testing, web application penetration testing, website security penetration testing, and social engineering tests.
There is no limit as to the knowledge required here and we suggest that you list all aspects that you are proficient in. This may include software modules, network databases like MYSQL/SQL Server and mail servers such as Exchange or SMTP. With respect to web application, employers are looking for Penetration Testers with extensive knowledge on browsers and their components like Plug-ins, Applets and ActiveX.
Another major skill of a successful Penetration Tester is to be competent in coding and scripting. It would be beneficial for individual tasks and will save time, if the Penetration Tester can write a batch file or shell script. It is also important to understand programming languages such as Python, Perl, PowerShell and Bash.
What type of employers hire Penetration Testers?
- Consultancy - Security consultancy firms will always be inundated with requests from clients for Penetration Testers to work on improving their computer systems and making sure their information security is compliant. Cyber security is still a space where many organisations use third party resources. This means a large number of contract roles for Penetration Testers.
- Financial Institutions – With high volumes of sensitive data and information including personal banking details, financial institutions can ill-afford to have a breach in their security systems. There are significant job prospects and opportunities for Penetration Testers in this industry.
- Public Sector and Defence – These industries are often the final safeguard with respect to important information. Organisations such as government agencies hold extremely sensitive information, while the defence forces have intelligence which requires extreme levels of protection. The threat to these industries is generally the most skilled hackers, hence the importance of finding exceptional Penetration Testers.
What technologies does a Penetration Tester use?
- Operating Systems: Linux (Kali, BackBox, Ubuntu, Fedora, other), Windows, Mas OS etc
- Networks: LAN, Wireless, Cloud etc
- Network Databases/Exchanges: MYSQL/SQL Server, Exchange/SMTP mail servers,
- Web Browsers: Chrome, Firefox, Safari, Opera, Internet Explorer etc
- Web Application Tools: ActiveX, Plug-ins, Applets, Scriptlets etc
- Programming Languages: Python, Perl, PowerShell, Bash etc
- Communication Platforms: Email, Slack, Teams, Zoom, Google Meets etc
- General Software: MS Office or equivalent
We strongly advise that you list all software or tools that you are proficient in on your resume as they may help you stand out to employers in a specific industry.
How much do Penetration Testers earn in New Zealand?
How can I become a Penetration Tester in New Zealand?