-
Maintain up-to-date knowledge of hacking trends.
-
Design security solutions to address known device vulnerabilities.
-
Prepare and submit reports describing the results of security fixes.
-
Identify new threat tactics, techniques, or procedures used by cyber threat actors.
-
Discuss security solutions with information technology teams or management.
-
Develop infiltration tests that exploit device vulnerabilities.
-
Develop and execute tests that simulate the techniques of known cyber threat actors.
-
Develop presentations on threat intelligence.
-
Collect stakeholder data to evaluate risk and to develop mitigation strategies.
-
Keep up with new penetration testing tools and methods.
-
Conduct network and security system audits, using established criteria.
-
Identify security system weaknesses, using penetration tests.
-
Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
-
Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
-
Configure information systems to incorporate principles of least functionality and least access.
-
Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
-
Test the security of systems by attempting to gain access to networks, Web-based applications, or computers.
-
Document penetration test findings.
-
Update corporate policies to improve cyber security.
-
Gather cyber intelligence to identify vulnerabilities.
-
Investigate security incidents, using computer forensics, network forensics, root cause analysis, or malware analysis.
-
Write audit reports to communicate technical and procedural findings and recommend solutions.