After this lesson, you will be able to: Translate the pentest sub-track into a resume, portfolio, and interview-ready talking points that land a junior pentest role.
Penetration testing is one of the most cert-and-portfolio-heavy specialisations in security. This lesson maps what you've built directly to consultancy and red-team job listings.
Junior Penetration Tester / Security Consultant, the canonical entry; assists on engagements at NCC, Bishop Fox, Coalfire, Rapid7, Praetorian. $70-$110k entry. Red Team Operator (junior), internal team at a large company; simulates persistent adversaries. $100-$170k. Application Security Engineer (offensive focus), embedded with dev teams to find bugs proactively. $130-$220k. Bug Bounty Hunter (full-time at a company), salaried role at HackerOne/Bugcrowd or large company internal teams. $80-$150k. Search 'penetration tester', 'security consultant', 'red team' on LinkedIn.
Skills: Nmap, Burp Suite, Metasploit, Hydra, John the Ripper, Hashcat, BloodHound (Active Directory), MITRE ATT&CK, OWASP Top 10, PowerShell + Bash, professional report writing. Projects: 'Completed 5 HackTheBox machines and 30 PortSwigger Web Academy labs; report writeups published on GitHub.' 'OSCP / eJPT held or in progress.' 'Submitted N HackerOne reports; M accepted (link Hacktivity profile).' 'CTF: SANS Holiday Hack rank, picoCTF score, BSides CTF participation.' Certs: PenTest+ / eJPT (entry); OSCP if held; OSWE / OSEP for senior specialisation.
'Walk me through how you'd approach a black-box engagement against a small web app.' (Tests methodology; cs-pentest-htb-project is the playbook.) 'What's the difference between a vulnerability assessment and a penetration test?' (Memorise: scope, depth, deliverable.) 'Tell me about a machine you owned and the most interesting bug you found.' (Bring your HTB writeup; tell the story.) 'Explain SQL injection to a sysadmin who isn't a developer.' (Tests communication.) 'You find a critical bug in scope but the customer says "we know about that", what do you do?' (Tests professionalism + scope discipline.) Most consultancies also do a hands-on practical: 30-60 minutes against a simple HTB-style box. Practice timing yourself.
Three of these in 60 days and you have a defensible portfolio for any junior pentest interview.
Publish reports for 5 retired HTB machines on GitHub or a personal blog, using the cs-pentest-htb-project format.
File 3-5 HackerOne reports on public VDP programs. Even Informational outcomes count if you used the right format.
Compete in 3 CTFs (picoCTF, SANS Holiday Hack, NahamCon, BSides events) and publish per-challenge writeups.
Contribute to an open-source security tool (write a Metasploit auxiliary module, a Burp extension, or a Nuclei template). Real public commits beat certs.
Study the eJPT (~$200) or OSCP (~$2K with employer sponsorship) lab environments; pass the exam.
Listing OSCP as 'in progress' for two years without progress. Either commit and finish, or don't list. No GitHub. Every pentest interviewer asks. Bragging about tools rather than tradecraft. 'I ran Nmap' is not a brag; 'I noticed the SMB share allowed null sessions because the firewall was misconfigured' is. Pretending to have OSCP-level skill at eJPT level. Be honest about where you are; consultancies hire juniors and grow them. Skipping CFAA / legal questions in interviews, they ALWAYS come up.
Sign in and purchase access to unlock this lesson.