What is the difference between a penetration test engineer and a network security engineer? where to study

Penetration testing engineers mainly conduct white hat penetration attack tests on the host layer, network layer, application layer, etc., and discover system vulnerabilities;

Network security engineers are responsible for testing company websites and business systems Conduct security assessment and testing; perform security reinforcement on various company systems; respond to company security events, clean up backdoors, and analyze attack pathways based on logs; conduct research on security technology, including security prevention technology, hacker technology, etc.; track the latest vulnerability information and conduct business Product safety inspection. The scope of responsibilities is broader and includes penetration testing work.

Penetration testing engineers are mainly responsible for the implementation of penetration testing technical services and writing penetration testing reports; responsible for penetration testing technology exchanges and training; responsible for code auditing, vulnerability detection and verification, and vulnerability mining; responsible for the latest penetration testing technology Study, research.

Applying for the position of penetration testing engineer:

Familiar with network protocols such as switching and routing, familiar with ACL, NAT and other technologies, familiar with network product configuration and working principles; familiar with operating systems such as LINUX and AIX Security configuration; familiar with database security configuration such as ORACLE, MSSQL, MYSQL, etc.; familiar with application security configuration such as WEB, FTP, email, etc.;

Able to skillfully use various penetration testing tools, familiar with manual injection, uploading, and man-in-the-middle attack testing , Business logic vulnerability testing;

Familiar with HTML, XML, ASP, PHP, JSP and other scripting languages, and can use C/C++, JAVA, .net, PYTHON, etc. for program development;

Familiar with Trojans, backdoor technology, SHELLCODE technology, anti-virus technology, password cracking technology, vulnerability mining technology, remote control technology, etc.

Requirements for applying for the position of network security engineer:

Bachelor’s degree in computer applications, computer networks, communications, information security and other related majors, and more than three years of work experience in the field of network security;

Proficient in network security technologies: including port and service vulnerability scanning, program vulnerability analysis and detection, rights management, intrusion and attack analysis and tracking, website penetration, virus and Trojan horse prevention, etc.

Familiar with TCP/IP protocol, familiar with SQL injection principles and manual detection, familiar with memory buffer overflow principles and preventive measures, familiar with information storage and transmission security, familiar with data packet structure, familiar with DDoS attack types and principles. Certain experience in DDoS attack and defense, familiar with iis security settings, familiar with ipsec, group policy and other system security settings;

Familiar with windows or linux systems, proficient in at least one of php/shell/perl/python/c/c++, etc. Language;

Understand the configuration and use of mainstream network security products {such as fw (firewall), ids (intrusion detection system), scanner (scanner), audit, etc.};

Be good at Expressive communication, honesty and trustworthiness, strong sense of responsibility, emphasis on efficiency, and good teamwork spirit.