Penetration Tester Jobs Banner


Defend your digital future

The demand for ethical white hat hackers has never been higher and the skills of Penetration Testers are highly sought after in New Zealand today. Organisations of all shapes and sizes are looking for pen testers like you to help reduce their vulnerabilities against cybercrime. 

Do you have a natural instinct to push the boundaries? Looking to join the fight to protect our systems? Let us get you there. 

Find my next penetration tester job in New Zealand 

Do you know what you want from your next Penetration Tester job? The opportunity to make an impact in a forward-thinking start-up or shake up an NZX-listed organisation?

We can support you every step of the way to realise your potential. Our network of New Zealand’s top employers means we have roles you can get excited about and the expertise to support you to secure them. 

Find your nearest office to get in touch with us, send us your CV or browse our latest available Penetration Tester jobs.   

Your penetration tester job questions, answered

Where can I find Penetration Tester jobs in New Zealand?

We regularly advertise new jobs for Penetration Testers right around New Zealand. Click below to check out all our Penetration Tester jobs or those in your nearest city:  

What does a Penetration Tester do?

A Penetration Tester is responsible for finding vulnerabilities in existing and active computer systems and attempting to exploit the faults or cracks within those systems. A ‘Pen Tester’ as they are commonly referred to, will conduct network penetration testing by staging a simulated cyber-attack.
At the completion of the security penetration testing, the Penetration Tester will provide feedback about the breaches they could produce, highlighting any weaknesses within the security protocols and computer systems that they were able to expose.

What skills does a Penetration Tester need to have?

To be successful as a Penetration Tester, it is imperative that you have exceptional knowledge of computer systems, applications and networks. Experience in penetrating and exploiting systems is essential, with the ability to present feedback effectively an exceptional complementary skill.

Penetration Testers need to think like criminal hackers but must also go beyond the use of automated tools to find flaws in the security systems. 

 Proficiency with respect to command line-based tools is often looked at as a benchmark for Penetration Testers. Expertise with scripts, DOS Batch and a wide range of operating systems are necessary. A Pen Tester can save an organisation both money and heartache by being able to identify and rectify any issues before they develop into significant problems.  

It is not enough to only identify project needs. A good Penetration Tester can articulate findings and security concerns in an effective manner. Attention to detail and effective problem-solving skills allow for this to be achieved but it is excellent communication skills which underline the potential impact of an issue.

Being able to present this information effectively to key stakeholders can determine how quickly a matter is dealt with. Successfully prioritising will help ensure that organisational goals are met.

What are a Penetration Tester’s job description and responsibilities? 

  • Work through the Penetration Testing stages (planning, scanning, gaining access, maintaining access, analysis and WAF configuration)  
  • Plan and gather as much as information and intelligence as possible to conduct testing and exploit security protocols  
  • Perform a scanning checklist to understand how computer systems will respond to cyber attacks 
  • Use web applications to start an attack and expose flaws 
  • Maintain access and determine how long system breaches can be sustained for without being detected 
  • Analyse and present findings of simulated cyber-attacks, identifying breaches, the level of risk associated with them and recommendations to rectify issues being detected 
  • Maintain excellent working relationships with key stakeholders  

What skills and experience are employers looking for from Penetration Testers? 

Penetration Testers can benefit from hands-on experience in lieu of tertiary qualifications, but we have also found that employers are looking for strength in the following areas:

Core Skills 

  • Attention to detail 
  • Problem-solving 
  • Communication

Technical Skills 

  • Knowledge of computer and network systems  
  • Penetration Testing 
  • Scripting/Coding/Programming 

Core Skills

A great attention to detail is an important skill required to be a successful Penetration Tester. It is essential for the Penetration Tester to understand the requirements of the test and the limitations or the boundaries of what can be exploited; but it is the way findings are communicated that employers have highlighted as decisive. They prefer people who can provide detailed analysis in the form of a report and make specific reference to the level of risk associated with the breaches. 

The Penetration Tester will identify the weaknesses of a computer system and exploit them, but they must also work with technology service owners to find solutions to those problems. With an increased reliance on technology, it is becoming critical for organisations to protect themselves against potential attacks. Penetration Testers need to think like criminal hackers and that means staying on top of trends and developments within this space. 

Organisations will be relying on the findings from the Pen Test to make key decisions. It is the responsibility of the Penetration Tester to provide a report that clearly outlines the security breaches achieved and the potential solutions that can be implemented protect the organisation from internal and external breaches.  

Technical Skills 

A strong understanding of information technology is expected including operating and network systems. A Penetration Tester should have extensive knowledge on how to conduct a variety of penetration tests including: network penetration testing, web application penetration testing, website security penetration testing, and social engineering tests. 

There is no limit as to the knowledge required here and we suggest that you list all aspects that you are proficient in. This may include software modules, network databases like MYSQL/SQL Server and mail servers such as Exchange or SMTP. With respect to web application, employers are looking for Penetration Testers with extensive knowledge on browsers and their components like Plug-ins, Applets and ActiveX. 
Another major skill of a successful Penetration Tester is to be competent in coding and scripting. It would be beneficial for individual tasks and will save time, if the Penetration Tester can write a batch file or shell script. It is also important to understand programming languages such as Python, Perl, PowerShell and Bash.  

What type of employers hire Penetration Testers? 

Cyber security is a rapidly growing space in IT which has created an abundance of employment opportunities for those with Penetration Tester skills. The number of industries relying on technology continues to rise and the same applies for the need to protect their systems from attack.
Here are some of the industries which are consistently looking for the expertise of Penetration Testers: 
  • Consultancy - Security consultancy firms will always be inundated with requests from clients for Penetration Testers to work on improving their computer systems and making sure their information security is compliant. Cyber security is still a space where many organisations use third party resources. This means a large number of contract roles for Penetration Testers. 
  • Financial Institutions – With high volumes of sensitive data and information including personal banking details, financial institutions can ill-afford to have a breach in their security systems. There are significant job prospects and opportunities for Penetration Testers in this industry. 
  • Public Sector and Defence – These industries are often the final safeguard with respect to important information. Organisations such as government agencies hold extremely sensitive information, while the defence forces have intelligence which requires extreme levels of protection. The threat to these industries is generally the most skilled hackers, hence the importance of finding exceptional Penetration Testers. 
These are just some of the industries who will employ a Penetration Tester, but as a general rule of thumb, larger organisations will try to develop their own Penetration Testing teams internally, whereas smaller organisations who can’t afford/ don’t have a big enough technology environment will rely more heavily on external consultancies.

What technologies does a Penetration Tester use?

  • Operating Systems: Linux (Kali, BackBox, Ubuntu, Fedora, other), Windows, Mas OS etc  
  • Networks: LAN, Wireless, Cloud etc  
  • Network Databases/Exchanges: MYSQL/SQL Server, Exchange/SMTP mail servers,   
  • Web Browsers: Chrome, Firefox, Safari, Opera, Internet Explorer etc  
  • Web Application Tools: ActiveX, Plug-ins, Applets, Scriptlets etc  
  • Programming Languages: Python, Perl, PowerShell, Bash etc  
  • Communication Platforms: Email, Slack, Teams, Zoom, Google Meets etc  
  • General Software: MS Office or equivalent 

 We strongly advise that you list all software or tools that you are proficient in on your resume as they may help you stand out to employers in a specific industry.  

How much do Penetration Testers earn in New Zealand?  

The demand for Penetration Testers is on the rise courtesy of the widespread use of IT services and the importance of strong security protocols. Salaries can vary depending on responsibilities, location and type of company.
As a Penetration Tester, salaries can range from $120,000 to $170,000. 
To learn more about typical earnings as a Penetration Tester in New Zealand, use the Hays Salary Checker to benchmark Penetration Tester salaries.

How can I become a Penetration Tester in New Zealand? 

It is common for Penetration Testers to have tertiary qualifications such as a Bachelor of Information Technology or Computer Science, but hands-on experience within the industry is most appealing to employers. 
Other professional qualifications which are viewed upon favourably include Offensive Security (OSCP) certification and being a CREST Certified Tester.  Expand your skill set and have an appetite to learn.
This may include becoming proficient in additional programming languages and specific Linux-based or emerging operating systems that are commonly used by Penetration Testers and their counterparts. 
Work on your communication and presentation skills. These will help you build strong working relationships and allow you to show the true value of your contribution to key stakeholders.