Thank you for applying to work for PEN Consultants as a Security and Penetration Tester!
Full Interview Process
Each candidate applying to work for us as a tester must complete a 6-phase interview process before being extended a Conditional Job Offer (CJO). The general job details for a consultant performing Security and Penetration Testing can be found here:
Tester Interview – Phase 0
- The first phase is to help us ensure you understand our company, the positions we’ve taken on certain cybersecurity debates, how we interact with our clients, our strong faith culture, etc.
- In phase 2, you get to talk-the-talk.
- Phase 3 is a phone interview with PEN Consultants where we drill into more details about the position and your background.
- The 4th phase allows you to demonstrate some basic hands-on challenges and communicate what you found.
- The 5th phase is as close as we can get you to performing a small pentest to see if you can walk-the-walk. You’ll exploit the web app, and write-up your findings as if you were presenting them to a client.
- The 6th and final phase is your opportunity to meet the team on a Zoom video call – ask questions and be asked questions.
After receiving a CJO, the candidate must pass a full-scope background check (criminal, civil, drug screening, identity verification, credit history, employment and education verification, etc.).
Ready to get started?
Getting to Know PEN Consultants
This phase is to help us ensure you understand our company, the positions we’ve taken on certain cybersecurity debates, how we interact with our clients, our strong faith culture, etc.
- Don’t overthink this! We’re just looking to make sure you understand how the security testing business works, the stances we’ve taken on certain topics, our company background, etc. Each question should take you no more than a couple of minutes.
- When you are finished, please respond to our original email with a PDF of your responses.
- Honesty and transparency are always best. If you get into this and realize it’s not the type of work you were hoping for, it isn’t in line with your career goals, our opinions rub you the wrong way, etc., feel free to respond with a “Thanks for the opportunity, however, I don’t believe I’m interested at this time” email.
- Why do you want to work in the security and penetration testing industry?
- Summarize PEN Consultants’ company background, purpose, vision, and mission, the meaning behind our logo and slogan – Rock Solid Security, etc.
- Review: https://penconsultants.com/testingDiff
- Question: If a client is seeking to test their ability to detect and respond to an active threat, which service would you recommend and why?
- Question: If a client says they are in need of the most affordable solution for testing, which service would you recommend and why?
- Review: https://penconsultants.com/shields
- Question: Why should testing almost never be performed through firewalls/WAFs/etc. when auto-mitigate/IPS-type features are enabled? Should the tester’s IP be whitelisted, and if so, when? Explain.
- Question: Which compliance standard specifically states that security testing should not be performed through something such as a WAF in auto-block mode?
- Review: https://penconsultants.com/graybox
- Question: What are some of the benefits of white box testing?
- Question: Are there benefits to black box testing?
- Review: https://penconsultants.com/services
- Question: What is a ballpark price for an internal penetration test for a network with 1,600 workstations? The client is not interested in debriefings or any technical support afterward, just a report of our findings.
- Question: What is the monthly cost to have PEN Consultants on retainer (i.e. Cybersecurity Unlimited) for 10 hrs per month?
- Review: https://penconsultants.com/informed
- Question: If a client asks how they are kept informed during an engagement, what would you tell them?
- Review: https://penconsultants.com/testimonials
- Question: A prospective technology software company is asking for references to our past clients. What are some references you could provide?
- Review: https://penconsultants.com/home/services/nonprofits/
- Question: Why would faith-based organizations receive a 30% discount (or more), but no one else?
- Review: https://penconsultants.com/csr
- Question: What percentage of our revenue do we give to charity?
- Question: Who do we currently support?
- Review: https://penconsultants.com/report
- Download a copy of the report and review it. This is the deliverable you will have to create for most engagements.
- Question: Which discovered vulnerability allowed us to gain access to 100% of the user passwords?
- Question: What attack is possible if the x-frame-options header, or equivalent, is missing in web server responses?
- Question: When looking at, or considering, other pentest companies you could be working for, what about PEN Consultants makes you want to work here?
- Question: What are some concerns you have at this stage of the interview process (about us, about the work, the environment, etc.)?
- Question: What questions do you have for us?
That’s it for the questions! You are encouraged to review the other company pages and blog posts to continue familiarizing yourself with our company.