What we look for in our Penetration Testers

By Paladion

July 24, 2008

I am often asked what qualities we look for when we recruit
penetration testers. We are now recruiting 8 new team members, so this is as
good a time as any to share our recruitment process.

We look for 3 qualities in our penetration testers:

  1. Technical
  2. Analytical
  3. Communication

What exactly do we mean?

Technical clarity is a person’s clear understanding of any technical topic he loves. We don’t
necessarily require you to know penetration testing – yet. We’ll bring you up
to speed on that quickly. But we do require that you know a few technical
topics you like really well.

Analytical horsepower is a person’s ability to analyze a problem and make good inferences. As
penetration testers we analyze an application’s behavior and try to predict how
the developers have written the application. Without seeing the source code, we
have to deduce possible errors in the application, and that requires strong
analytical skills.

Good communication is a person’s ability to express ideas clearly in correct and fluent English.
Our findings are presented to our clients as written reports. So the ability to
write good English matters. Clients seek our advice on tricky issues they
encounter when they fix holes – so the ability to explain techniques clearly
over the phone, or in person matters.

How do we identify new team mates?

We recruit engineers with different backgrounds to our penetration testing team - from fresh grads to experienced security engineers. We receive a large volume of applications each year. We shortlist
candidates for interviews based on three written tests, or on the direct relevance of their experience:

  1. A 40-minute test of Analytical skills
  2. A 20-minute test of English
  3. A 20-minute essay

Successful candidates appear for the round of interviews. The
interview panel is usually a recent entrant into Paladion and a seasoned
Paladion engineer. Over the next 1 – 4 hours, it’s their job to determine how
well you’ll fit our team.  

Our interviews are usually fun, and sometimes even
unsuccessful candidates tell us they enjoyed the experience. The focus in these
interviews is to see how strong you are in a few technical areas of your
choice. We believe that if you are really strong in your favorite areas, you
will take to penetration testing quickly too.

So, you choose the topics to discuss.

The topics don’t have to be fancy. We are as comfortable
discussing the 555 timer as your mechatronics project. So don’t berate yourself
if your favorite subject isn’t “cool”.

We are unlikely to be experts in your favorite area, and
that’s a good thing. You can teach us all you want, and we’ll be glad to
clarify our doubts. We have observed that folks who are really clear about a
technique can explain it in simple terms. So please start from the basics, and
develop the topic as we go along. The deeper we go, the stronger an impression
we’ll get of your technical skills.

The interviews are of course a great place for you to learn
about us. The panel will be glad to help you understand Paladion better. The
seasoned engineer can tell you the history and background of our work. Newly
minted team mates can answer your questions about the culture and the fun we
have. Both of them are quite well-trained in pitching Paladion to candidates we
like :)

That’s it in a nutshell. The interviews help us find you and
they enable you to decide if we are your ideal workplace. 
