- Perform formal penetration tests on web-based applications, networks and computer systems
- Conduct physical security assessments of servers, systems and network devices
- Design and create new penetration tools and tests
- Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
- Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
- Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
- Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
- Research, document and discuss security findings with management and IT teams
- Review and define requirements for information security solutions
- Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
- Provide feedback and verification as an organization fixes security issues