What we look for in our Penetration Testers

I am often asked what qualities we look for when we recruit penetration testers. We are now recruiting 8 new team members, so this is as good a time as any to share our recruitment process.

We look for 3 qualities in our penetration testers:

1. Technical clarity
2. Analytical horsepower
3. Communication skills

What exactly do we mean?

Technical clarity is a person’s clear understanding of any technical topic he loves. We don’t necessarily require you to know penetration testing – yet. We’ll bring you up to speed on that quickly. But we do require that you know a few technical topics you like really well.

Analytical horsepower is a person’s ability to analyze a problem and make good inferences. As penetration testers we analyze an application’s behavior and try to predict how the developers have written the application. Without seeing the source code, we have to deduce possible errors in the application, and that requires strong analytical skills.

Good communication skill is a person’s ability to express ideas clearly in correct and fluent English. Our findings are presented to our clients as written reports. So the ability to write good English matters. Clients seek our advice on tricky issues they encounter when they fix holes – so the ability to explain techniques clearly over the phone, or in person matters.

How do we identify new team mates?

We recruit engineers with different backgrounds to our penetration testing team - from fresh grads to experienced security engineers. We receive a large volume of applications each year. We shortlist candidates for interviews is based on three written tests, or on the direct relevance of the experience:

1. A 40-minute test of Analytical skills
2. A 20-minute test of English
   
3. A 20-minute essay

Successful candidates appear for the round of interviews. The interview panel is usually a recent entrant into Paladion and a seasoned Paladion engineer. Over the next 1 – 4 hours, it’s their job to determine how well you’ll fit our team.  

Our interviews are usually fun, and sometimes even unsuccessful candidates tell us they enjoyed the experience. The focus in these interviews is to see how strong you are in a few technical areas of your choice. We believe that if you are really strong in your favorite areas, you will take on to penetration testing also quickly.

So, you chose the topics to discuss.

The topics don’t have to be fancy. We are as comfortable discussing the 555 timer as your mechatronics project. So don’t berate yourself if your favorite subject isn’t “cool”.

We are unlikely to be experts in your favorite area, and that’s a good thing. You can teach us all you want, and we’ll be glad to clarify our doubts. We have observed that folks, who are really clear about a technique, can explain it in simple terms. So please start from the basics, and develop the topic as we go along. The deeper we go, the stronger an impression we’ll get of your technical skills.

The interviews are of course a great place for you to learn about us. The panel will be glad to help you understand Paladion better. The seasoned engineer can tell you the history and background of our work. Newly minted team mates can answer your questions about the culture and the fun we have. Both of them are quite well-trained in pitching Paladion to candidates we like :)

That’s it in a nutshell. The interviews help us find you and they enable you to decide if we are your ideal workplace. 

Plynt provides penetration testing and code review services to clients worldwide. If you are interested, please contact us for a quote. We’ll get back to you within one working day.