NSXNational Skills ExchangeSign in
Back to Framework

Penetration Testers

SOC 15-1299.04Job Zone 4 · Considerable Preparationv.26.05

Context coveredThis framework covers offensive security and penetration testing practice across network, application, cloud, and enterprise environments, from supervised entry-level assessments through executive leadership of organizational red team programs.

Sources:O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.SkillsCrosswalkSkillsCrosswalk — O*NET enrichment + adjacency index. Opens in new tab.
Emerging
Entry / Apprentice
  1. Basic penetration testing tools and scanning utilitiesexecute under direct supervision to enumerate open ports and services on a controlled lab network.
  2. Common vulnerability databases and CVE repositoriesreference and interpret to identify known weaknesses in target systems during guided assessments.
  3. Operating system software environments including Linux and Windowsnavigate and configure under direction to support initial reconnaissance activities.
  4. Structured test plans and assessment checklistsfollow precisely to conduct entry-level security scans within a defined scope and rules of engagement.
  5. Program and system malfunctions identified during testingdocument observations and escalate to senior testers for diagnosis and remediation guidance.
  6. Network security and VPN equipment softwareoperate under supervision to establish secure testing connections and monitor basic network traffic.
  7. Technical findings from automated vulnerability scannerscompile into preliminary reports using standardized templates under reviewer oversight.
  8. Database user interface and query softwareapply foundational SQL knowledge to test for basic injection vulnerabilities in supervised web application assessments.
  9. Reading comprehension skills and vendor security advisoriesapply to understand patch notes, exploit disclosures, and testing prerequisites before each engagement.
  10. Organizational security policies and rules of engagementadhere to with strict attention to detail to ensure authorized-only testing on client systems.
Developing
Mid-level / Established
  1. Multi-phase penetration testing methodologiesexecute with reduced oversight across network, web application, and social engineering test vectors in client environments.
  2. Exploitation frameworks such as Metasploit and custom scriptsdeploy independently to validate discovered vulnerabilities and demonstrate proof-of-concept exploits.
  3. Operating system and application server softwareanalyze configurations and misconfigurations to identify privilege escalation paths on enterprise infrastructure.
  4. Complex problem-solving techniquesapply when encountering non-standard defenses or unexpected system behaviors during live penetration engagements.
  5. Intermediate-level assessment reportsauthor with clear technical narratives, risk ratings, and remediation recommendations for both IT staff and business stakeholders.
  6. Database management system softwaretest for authentication bypass, privilege abuse, and data exposure vulnerabilities in routine client database assessments.
  7. Cloud-based management software and infrastructureassess for misconfigured permissions, exposed storage buckets, and insecure API endpoints in cloud tenancy reviews.
  8. Staff and end users reporting security incidentsassist in troubleshooting and correlating symptoms to identify whether issues stem from active compromise or system malfunction.
  9. Object-oriented and scripting development environmentswrite and adapt exploit proof-of-concept code to validate specific vulnerability classes in target applications.
  10. Inductive reasoning and pattern recognitionapply across multiple client engagements to identify recurring vulnerability trends and refine testing efficiency.
Proficient
Senior / Expert IC
  1. Full-scope penetration testing engagementsplan and execute autonomously across network, application, cloud, and physical attack surfaces for complex enterprise clients.
  2. Advanced persistent threat simulation and red team operationsdesign and conduct to replicate realistic adversary tactics, techniques, and procedures against hardened environments.
  3. Non-routine system malfunctions and anomalous behaviors encountered during testingdiagnose independently and differentiate between pre-existing issues and artifacts of the assessment.
  4. Custom exploit development and tool creationproduce using expert system software and development environments to address gaps where commercial tooling is insufficient.
  5. Business problem analysis and integrated security risk modelingperform to translate technical findings into quantified business impact for executive decision-making.
  6. Computer-aided design and network architecture diagramsinterpret and leverage to identify architectural weaknesses and high-value lateral movement paths before active testing begins.
  7. Comprehensive penetration test reports and executive briefingsdeliver independently with precise written and oral communication tailored to both technical and non-technical audiences.
  8. Adversarial threat intelligence and emerging exploit researchsynthesize continuously to keep testing methodologies current with real-world attacker capabilities.
  9. Judgment and decision-making in high-stakes testing scenariosexercise with disciplined cautiousness to halt or modify test activities when unplanned system impact is detected.
  10. Integrated production system assessments and regression testing programscoordinate alongside development and operations teams to embed security validation into software delivery pipelines.
Advanced
Lead / Principal / Executive
  1. Organizational penetration testing strategy and program maturity roadmapdefine and champion at the executive level to align offensive security capabilities with enterprise risk posture.
  2. Enterprise-wide red team and adversary simulation programsarchitect and oversee, setting scope, methodology standards, and success criteria across multiple concurrent engagements.
  3. Junior and mid-level penetration testersmentor and develop through structured coaching, technical review, and career progression frameworks within the security organization.
  4. Cross-functional security improvement initiativeslead by translating red team findings into prioritized remediation programs coordinated across engineering, operations, and compliance teams.
  5. Novel attack research and proprietary tooling innovationsponsor and direct to advance the organization's offensive security capabilities beyond commercially available solutions.
  6. Organizational security policies, testing governance frameworks, and rules of engagement standardsauthor and maintain to ensure legally compliant and ethically sound testing practices at scale.
  7. Executive and board-level security briefingsdeliver with authoritative oral and written communication, contextualizing technical risk findings within strategic business objectives.
  8. Industry partnerships, threat intelligence consortia, and external research communitiesrepresent the organization within, fostering knowledge exchange that elevates internal team expertise.
  9. Staffing, budget allocation, and technology investments for the penetration testing practicemanage with accountability for demonstrating return on security investment to organizational leadership.
  10. Education and training curricula for offensive security disciplinesdesign and institutionalize to build a continuous pipeline of competent practitioners aligned to evolving threat landscapes.

AI-at-Work Competency Framework

Sources:Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab.Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab.WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab.
Subscriber feature

Authoritative source data identified for 998 occupations

How a worker at each mastery level uses, directs, and evaluates AI tools in this occupation. Each statement cites its evidence inline; click a citation chip to verify the source.

Emerging
  1. AI-assisted recon queries — submits target domain names and IP ranges to an LLM to surface publicly known vulnerabilities and CVE summaries, then manually verifies each finding before including it in scope documentation Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
  2. Payload suggestion intake — accepts AI-generated lists of common exploit payloads and wordlists for initial credential-stuffing or fuzzing runs, reviewing each entry against the rules of engagement before execution.
Developing
  1. Automated report drafting — delegates the first-pass narrative of a penetration test report to an AI tool by feeding it raw tool output (Nmap, Burp Suite logs), then rewrites technical findings to meet client-specific language and risk-rating standards Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
  2. Vulnerability triage co-analysis — runs discovered CVEs and CVSS scores through an LLM to generate prioritized attack-path hypotheses, applying independent critical thinking to confirm or discard each path before escalation Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  3. Script scaffolding — directs an AI assistant to generate boilerplate Python or Bash exploit proof-of-concept scripts from a described attack scenario, then audits and modifies the code to match the actual target environment.
Proficient
  1. Multi-stage attack chain planning — constructs a full kill-chain outline by iterating with an LLM over recon data, enumerated services, and identified misconfigurations, while retaining sole authorship of lateral-movement and privilege-escalation decisions Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  2. Adversarial prompt stress-testing — applies LLM-based tooling to probe AI-integrated client applications for prompt injection and model manipulation vulnerabilities, documenting findings in standardized threat-modeling formats.
  3. Threat-intelligence synthesis — feeds OSINT feeds, dark-web excerpts, and vendor advisories into an AI pipeline to distill actor TTPs relevant to the client's sector, then cross-references output against MITRE ATT&CK before briefing stakeholders WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  4. False-positive triage automation — configures an AI-assisted workflow to filter scanner noise from Nessus or OpenVAS output, reserving human judgment for ambiguous findings that require contextual understanding of the client architecture Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
Advanced
  1. AI autonomy boundary governance — defines which penetration-testing sub-tasks (passive recon, log parsing, report grammar) are delegated fully to AI agents versus which (exploit validation, risk rating, client communication) require human sign-off, and enforces that boundary across the engagement lifecycle Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  2. Adversarial model evaluation — assesses the security posture of client-deployed LLMs and AI pipelines by designing custom red-team scenarios that test data exfiltration, jailbreak resilience, and supply-chain integrity, synthesizing results into executive-level remediation roadmaps WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  3. AI-augmented zero-day research — orchestrates LLM-assisted code-review pipelines over large proprietary codebases to surface novel attack surfaces, combining automated pattern recognition with deep manual exploitation research where automation feasibility is inherently bounded Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
Evidence pack
SAFI positioning
Top skill: Critical Thinking
Score: 57.9 / 100
precision: category_estimate
WEF cluster
Artificial Intelligence
artificial_intelligence
Sources:Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab.WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab.

Pathsmith Durable Skills Framework

Sources:Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Subscriber feature

Ten durable-skill domains mapped to four proficiency/role levels for each occupation. Each statement is aligned to the Pathsmith taxonomy, derived from trusted grounding data and mapped to occupation-specific O*NET tasks and skills.

1Communication14 statements
Emerging
  1. Reconnaissance findings summary — documents discovered attack surfaces and open ports in written reports using standardized templates Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Client intake communication — listens to scope and rules-of-engagement requirements during pre-engagement meetings to clarify testing boundaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Technical vocabulary use — applies basic cybersecurity terminology when describing vulnerability classes to team members during debriefs Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Vulnerability report drafting — writes structured penetration test reports that separate technical findings from executive summaries for mixed audiences Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Remediation explanation — translates exploit steps and CVSS scores into plain-language recommendations during client walkthrough sessions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Peer briefing — presents discovered attack chains to internal red-team members using clear, sequenced narrative during after-action reviews Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Executive briefing delivery — communicates critical risk findings to C-suite stakeholders by framing technical vulnerabilities in business-impact language during formal readouts Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Scope negotiation communication — articulates testing constraints, legal boundaries, and methodology choices to clients during rules-of-engagement negotiations Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Evidence-based reporting — constructs reproducible proof-of-concept documentation with screenshots, tool output, and remediation steps in final deliverable reports O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  4. Cross-functional coordination — conveys active exploit timelines and system disruption risks to IT operations teams during live penetration test windows Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Threat narrative authoring — crafts comprehensive attack scenario narratives that connect individual vulnerabilities into systemic risk stories for board-level consumption Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Methodology communication leadership — standardizes report templates and client communication protocols across an entire penetration testing practice Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Public disclosure communication — presents original vulnerability research findings at industry conferences using precise, credible technical storytelling Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  4. Client education facilitation — leads post-engagement workshops that build client security teams' capacity to interpret and act on penetration test findings Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
2Leadership11 statements
Emerging
  1. Self-directed task initiation — identifies and begins reconnaissance phases of assigned engagements without waiting for step-by-step guidance Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Tool selection ownership — takes responsibility for selecting appropriate scanning tools for defined target environments during supervised engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Junior tester guidance — walks less-experienced colleagues through exploitation methodology and safe lab practices during team engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Engagement scoping leadership — takes ownership of pre-engagement planning documents including scope definition and timeline coordination with clients Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Responsible disclosure ownership — leads the coordinated disclosure process when zero-day vulnerabilities are discovered during client engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Red team lead execution — directs multi-person adversarial simulation campaigns by assigning targets, synchronizing attack phases, and consolidating findings Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Client relationship stewardship — maintains accountability for engagement quality, timeline adherence, and client satisfaction across multiple concurrent penetration test projects Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Incident escalation decision-making — assumes authority to halt or escalate a live test when unexpected critical system impact is detected Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Practice development leadership — builds and scales a penetration testing service line by defining hiring criteria, methodology standards, and quality benchmarks Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Mentorship program design — architects structured apprenticeship pathways that progress junior testers from script-based scanning to custom exploit development Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Strategic security roadmap influence — advises organizational leadership on multi-year offensive security program investment and maturity progression Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
3Metacognition10 statements
Emerging
  1. Skill gap recognition — identifies personal knowledge gaps in specific vulnerability classes such as web application or Active Directory attacks and seeks targeted learning Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Test approach reflection — reviews own reconnaissance methodology after each engagement to note steps that were skipped or performed inefficiently Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Attack hypothesis monitoring — tracks the validity of assumed attack paths during an engagement and consciously revises them when evidence contradicts initial assumptions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Learning strategy adaptation — adjusts study approaches when preparing for certifications such as OSCP or CEH based on self-assessed performance on practice labs Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Tool bias awareness — recognizes when over-reliance on automated scanners is limiting manual discovery and deliberately shifts to manual techniques Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Engagement debrief self-assessment — systematically evaluates own performance after each penetration test by comparing planned methodology against actual execution Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Cognitive load management — monitors own decision-making quality during high-complexity engagements and applies structured checklists when fatigue degrades judgment Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Knowledge transfer planning — identifies which personal expertise areas are undocumented and proactively creates internal knowledge base articles to externalize tacit skills Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Methodology evolution — continuously evaluates the effectiveness of personal and team attack frameworks against emerging defensive technologies and refines them accordingly Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Teaching as metacognitive calibration — uses the act of mentoring junior testers to surface and correct gaps in own conceptual understanding of exploitation techniques Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
4Critical Thinking12 statements
Emerging
  1. Vulnerability classification — distinguishes between false positive and confirmed vulnerability findings by cross-referencing scanner output against manual validation steps Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Attack surface reasoning — identifies which discovered open services represent plausible entry points based on known exploit availability and patch status Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Evidence evaluation — assesses credibility of OSINT data sources before incorporating findings into an attack plan during initial reconnaissance phases Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Exploit chain construction — links individual misconfigurations and vulnerabilities into multi-stage attack paths by reasoning through trust relationships and privilege boundaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Defense assumption challenge — questions whether client-reported security controls are actually effective by designing tests that probe assumed defensive boundaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Risk prioritization reasoning — ranks discovered vulnerabilities by exploitability and business impact rather than CVSS score alone when building report findings Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Adversarial hypothesis testing — formulates and systematically tests competing hypotheses about how a target environment may be compromised during a black-box engagement Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Ambiguity resolution — identifies and resolves logical inconsistencies in scope documentation by consulting client and referencing contractual rules of engagement Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Tool output interpretation — critically evaluates automated scanner reports to separate noise from signal before committing exploitation resources Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Threat model construction — builds comprehensive attack trees for complex enterprise environments by systematically analyzing all trust boundaries, data flows, and privilege escalation paths Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Defensive control evaluation — assesses the logical soundness of client security architectures and identifies systemic design flaws beyond individual vulnerability instances Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Novel attack vector reasoning — constructs original exploit logic for unique or custom application environments where no public exploit exists Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
5Collaboration11 statements
Emerging
  1. Team reconnaissance coordination — shares discovered hosts and open service information with fellow testers using shared tracking tools during team-based engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Findings consolidation participation — contributes individual test results to team reporting documents without duplicating or overwriting colleagues' work Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Cross-functional engagement coordination — collaborates with client IT staff to schedule testing windows that minimize disruption to production systems Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Red-blue team interaction — shares attack findings with client defensive teams during purple team exercises to jointly improve detection capabilities Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Peer review participation — reviews colleagues' exploit code and report drafts to catch errors and strengthen overall deliverable quality Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Multi-disciplinary engagement execution — coordinates with network, application, and social engineering specialists during complex red team operations to synchronize attack phases Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Client team integration — embeds within client security operations centers during assumed-breach exercises to collaborate on realistic adversary simulation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Conflict navigation — mediates disagreements between testing team members and client stakeholders over scope boundaries during active engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Community knowledge contribution — publishes original research, tools, or techniques to open-source security communities to advance collective practitioner knowledge Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Cross-organizational collaboration leadership — leads joint penetration testing exercises across multiple client organizations or vendor teams during coordinated red team engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Practice interoperability design — establishes information-sharing protocols between penetration testing and threat intelligence teams to create feedback loops that improve both functions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
6Character12 statements
Emerging
  1. Authorization boundary adherence — operates only within explicitly approved IP ranges and systems as defined in signed rules-of-engagement documentation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Confidentiality maintenance — handles client network diagrams, credentials, and findings with strict need-to-know discipline throughout engagement lifecycle Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Honest findings reporting — documents actual discovered vulnerabilities without inflating or minimizing severity to meet client expectations Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Ethical dilemma navigation — escalates to engagement manager when discovered data suggests criminal activity or unintended third-party exposure rather than self-managing the situation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Professional accountability — acknowledges and documents own mistakes during engagements such as unintended service disruptions and immediately notifies client point of contact Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Scope discipline — resists pressure from clients to test systems outside the agreed scope and documents all such requests formally Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Legal compliance stewardship — ensures all engagement activities comply with computer fraud statutes, data protection laws, and contractual obligations before and during testing Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Conflict-of-interest management — discloses prior relationships with target organizations to engagement leadership before accepting assignments Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Responsible disclosure practice — follows structured coordinated disclosure timelines when reporting discovered zero-day vulnerabilities to vendors rather than pursuing personal gain Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Ethics framework development — authors organizational codes of conduct and ethical guidelines for penetration testing practice that exceed minimum legal requirements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Whistleblower courage — reports observed unethical practices by colleagues or clients to appropriate authorities despite professional or financial risk Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Industry standard stewardship — contributes to professional body guidelines such as PTES or OWASP standards to elevate ethical practice across the penetration testing profession Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
7Creativity11 statements
Emerging
  1. Non-standard tool combination — combines multiple open-source reconnaissance tools in non-default configurations to map attack surface features that single tools miss Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Social engineering scenario ideation — proposes original phishing pretexts tailored to target organization's industry and employee roles during pre-engagement planning Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Custom payload crafting — writes original shellcode or script-based payloads that evade signature-based detection when standard tools are blocked by client defenses Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Novel lateral movement path discovery — identifies unconventional trust relationships between systems such as shared service accounts or legacy protocols that create unexpected pivot opportunities Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Attack scenario innovation — designs creative assumed-breach scenarios that simulate realistic advanced persistent threat behaviors rather than generic vulnerability exploitation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Bespoke exploit development — creates purpose-built exploits for proprietary or custom application vulnerabilities where no public proof-of-concept exists Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Evasion technique invention — engineers novel defense evasion techniques that bypass next-generation endpoint detection by combining living-off-the-land binaries with custom obfuscation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Testing methodology innovation — develops original engagement frameworks for emerging environments such as OT/ICS, IoT, or AI model interfaces that lack established testing standards Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Original vulnerability research — discovers and documents previously unknown vulnerability classes in widely used software platforms through independent creative investigation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Adversary emulation design — invents novel threat actor simulation playbooks based on creative extrapolation of emerging threat intelligence that does not yet have codified TTPs Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Tool creation and publication — engineers and releases original penetration testing tools that introduce new capabilities to the professional community Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
8Growth Mindset11 statements
Emerging
  1. Certification pursuit — enrolls in hands-on security training programs such as HackTheBox or TryHackMe to build foundational exploitation skills beyond job requirements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Failure analysis — reviews unsuccessful exploit attempts to extract technical lessons rather than abandoning difficult targets Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Feedback integration — incorporates peer review comments on penetration test reports into revised drafts and future report structures Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Skill domain expansion — actively practices techniques outside current specialty such as a network tester learning mobile application assessment to broaden engagement capability Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Defensive knowledge pursuit — studies blue team tools and techniques to improve understanding of how attacks are detected and use that knowledge to refine offensive approaches Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Continuous threat intelligence integration — regularly updates personal attack playbooks based on newly published CVEs, threat actor TTPs, and defensive research Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Credential renewal commitment — maintains and advances professional certifications such as OSCP, GPEN, or CRTO through ongoing study and periodic recertification Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Post-engagement learning protocol — conducts structured personal debriefs after each engagement to extract lessons that improve methodology for subsequent tests Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Learning culture cultivation — establishes internal knowledge-sharing rituals such as weekly technique demonstrations and capture-the-flag competitions that elevate team-wide skill growth Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Emerging technology proactive mastery — independently researches and develops offensive techniques for new technology paradigms such as cloud-native, AI systems, or quantum-resistant cryptography before client demand emerges Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Public learning contribution — authors blog posts, conference talks, or training courses that share hard-won penetration testing lessons with the broader security community Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
9Mindfulness10 statements
Emerging
  1. Scope awareness maintenance — pauses before executing each exploit step to confirm the target is within approved engagement boundaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Attention management — uses structured checklists to maintain focus on engagement objectives during long reconnaissance phases that produce large volumes of distracting data Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Stress response regulation — applies deliberate slowdown techniques when under client deadline pressure to prevent rushed decisions that could cause unintended system damage Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Ethical moment awareness — maintains conscious awareness of the potential real-world impact of each exploit action on production systems and data during live engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Cognitive fatigue recognition — identifies personal signs of decision fatigue during extended engagements and schedules deliberate recovery breaks before continuing high-risk testing activities Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Intentional tool execution — reviews every command and script parameter before execution in production-adjacent environments to prevent unintended destructive actions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Emotional regulation during conflict — maintains composed, professional demeanor when clients dispute findings or challenge methodology during tense readout sessions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Present-moment situational awareness — monitors live engagement indicators continuously during active exploitation phases to detect unexpected defensive responses or system instability Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Team mindfulness modeling — demonstrates and coaches intentional, high-consequence decision-making practices that become standard operating procedure across the penetration testing team Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. High-stakes composure leadership — maintains and projects calm, methodical judgment during zero-day disclosure events or active incident-adjacent testing scenarios that carry significant organizational risk Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
10Fortitude11 statements
Emerging
  1. Persistence through failed exploits — continues attempting alternative exploitation techniques when initial approaches are blocked by defenses rather than escalating prematurely Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Ambiguity tolerance — proceeds with reconnaissance in black-box engagements where no documentation or insider knowledge is provided Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Sustained effort under complexity — maintains systematic progress through multi-week red team engagements that involve repeated dead ends and resets of attack approach Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Client pushback resilience — upholds accurate risk severity ratings in reports when clients pressure testers to downgrade findings to avoid remediation costs Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Technical dead-end navigation — pivots to alternative attack vectors after exhausting one approach without losing momentum or abandoning engagement objectives Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Extended campaign endurance — sustains high-quality adversarial simulation performance across multi-month engagements that require continuous adaptation to evolving defensive countermeasures Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Unpopular finding delivery — presents critical findings that implicate senior client stakeholders or flagship products with professional courage and factual grounding Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Uncertainty navigation — operates effectively in fully black-box environments with no prior intelligence by building structured uncertainty tolerance into personal engagement methodology Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Organizational risk courage — escalates findings of critical systemic vulnerability to executive leadership even when the engagement sponsor resists disclosure Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Profession-level persistence — continues advancing offensive security research through periods of industry skepticism or legal ambiguity about emerging testing domains such as AI system exploitation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  3. Team resilience building — coaches penetration testing teams to maintain engagement quality and morale during high-pressure client relationships or back-to-back demanding engagements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Sources:Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Show O*NET source anchors42 anchors · skillscrosswalk.com

O*NET enrichment · skillscrosswalk.com

Suggest an O*NET correction

Source anchors that ground each statement

Related titles
Application Security Assessor · Application Security Hacker · Application Security Tester · Certified Hacker · Certified Tester · Consulting Advisory Tester · Cyber Analyst · Cyber Assessment Tester · Cyber Assessor · Cyber Security Engineer · Cyber Security Tester · Cyber Tester
RAPIDS apprenticeships
O*NET skills
Critical ThinkingReading ComprehensionActive ListeningComplex Problem SolvingSpeakingJudgment and Decision MakingWritingActive Learning
Knowledge domains
Computers and ElectronicsEnglish LanguageMathematicsEngineering and TechnologyCustomer and Personal ServiceAdministration and ManagementEducation and TrainingDesign
Abilities
Written ComprehensionOral ComprehensionDeductive ReasoningOral ExpressionInductive ReasoningInformation Ordering
Work styles
Attention to DetailDependabilityIntellectual CuriosityIntegrityCautiousnessInnovation
Technology
Data base user interface and query softwareExpert system softwareOperating system softwareDevelopment environment softwareObject or component oriented development softwareData base management system softwareApplication server softwareNetwork security and virtual private network VPN equipment softwareComputer aided design CAD softwareCloud-based management software
Tasks · seed anchors for statements
  1. Troubleshoot program and system malfunctions to restore normal functioning.
  2. Provide staff and users with assistance solving computer-related problems, such as malfunctions and program pr
  3. Test, maintain, and monitor computer programs and systems, including coordinating the installation of computer
  4. Use the computer in the analysis and solution of business problems, such as development of integrated producti
CIP education codes
11.010111.030111.040111.070111.100526.110326.110430.080130.160130.300130.310140.051243.040351.2706

Sources: O*NET v30.2 (CC BY 4.0), SkillsCrosswalk.com, LER.me, Anthropic Economic Index, SAFI (Jadhav & Danve, 2026), WEF Skills Taxonomy 2021, Pathsmith Durable Skills Framework. © 2026 EBSCOed.