Penetration Tester / Red Team in IT: the CIS and European market
Penetration Tester (Pentester / Ethical Hacker) is an offensive security specialty focused on active exploitation to validate defensive posture. A pentester thinks like an attacker: breaks things ethically and with permission, and finds vulnerabilities through demonstrated exploitation (as opposed to theoretical scanning). Role family: Penetration Tester (mid-level: web / network / mobile pentesting), Senior Pentester (complex multi-vector engagements + report quality + customer-facing work), Lead Pentester (team lead + methodology development + internal tooling), Red Team Operator (specialized: adversarial simulation + Cobalt Strike / Sliver C2 mastery + APT TTP emulation, often based at premium consultancies), Web App Pentester (Burp Suite mastery + OWASP Top 10 + deep API security), Network Pentester (Active Directory attacks + Nmap mastery + deep Impacket / BloodHound), Mobile Pentester (iOS / Android: Frida + MobSF + apktool / Ghidra mastery), Cloud Pentester (AWS / Azure / GCP exploitation, Pacu mastery), Hardware / IoT Pentester (firmware analysis + JTAG + UART), Wireless Pentester (Wi-Fi + Bluetooth + Zigbee + 5G), Bug Bounty Hunter (independent or employed; income from HackerOne / Bugcrowd / Standoff payouts). 2026 stack: OS: Kali Linux (the industry-standard pentest distribution, 600+ pre-installed tools), Parrot OS (a Debian-based alternative), BlackArch (Arch-based, 2800+ tools), Commando VM (a Windows pentest distribution for Windows-internal engagements).
Web application pentesting: Burp Suite Professional (PortSwigger; the industry standard for manual web pentesting, with Burp Collaborator for blind vulnerabilities, Burp Intruder, Burp Repeater and the Burp Extensions ecosystem; a must-have license at $449/year), Caido (rising since 2024; a modern Rust-based Burp alternative with better UX), OWASP ZAP (the free standard, automation-friendly), sqlmap (SQL injection automation, universal), ffuf (Fuzz Faster U Fool; Go-based, the fastest content discovery), gobuster (alternative content discovery), Nuclei (ProjectDiscovery; a templated vulnerability scanner, the 2026 leader for bug bounty automation, 8000+ community templates), wfuzz, Postman + Insomnia for API testing. Network pentesting: Nmap (universal: network discovery + version detection + NSE scripting), Masscan (the fastest port scanner), Wireshark + tcpdump (packet analysis), Responder (Windows network protocol abuse: LLMNR / NBT-NS / mDNS poisoning), NetExec (formerly CrackMapExec; the Swiss Army knife of Windows / AD pentesting), Impacket (Python library for Windows protocols: smbexec / wmiexec / psexec / GetUserSPNs / secretsdump / ntlmrelayx), BloodHound (Active Directory attack path visualization, a must for AD assessment), PowerView + PowerSploit (PowerShell-based AD reconnaissance + exploitation), mitm6 (IPv6-based DNS spoofing attacks), Certify + Certipy (Active Directory Certificate Services attacks, ESC1-ESC11, rising since 2022). Exploitation frameworks: Metasploit Framework (Rapid7, foundational), Cobalt Strike (Fortra; premium commercial C2 $$, the industry standard for Red Team operations, $5000/user/year), Sliver (BishopFox; modern open-source C2, rising since 2024), Mythic (modular C2, popular in the community), Havoc (modern open-source C2), Brute Ratel (alternative commercial C2, Israeli), Empire + Starkiller (PowerShell C2; legacy, still seen).
Mobile pentesting: MobSF (Mobile Security Framework; open-source automated mobile app analysis, the 2026 industry standard), Frida (dynamic instrumentation, mobile + desktop), Objection (a Frida wrapper for runtime mobile exploration), apktool + jadx (Android reverse engineering: decompiling an APK to Java + smali), Hopper + Ghidra + IDA Pro (iOS reverse engineering, Mach-O analysis), Charles Proxy + mitmproxy (mobile traffic interception + SSL pinning bypass), Drozer (Android security framework). Wireless: Aircrack-ng suite (the Wi-Fi cracking standard), Kismet (wireless reconnaissance), Wifite (automated Wi-Fi cracking), Hashcat (GPU-accelerated password cracking, the fastest), John the Ripper (alternative password cracking, CPU-focused). Reverse engineering: Ghidra (NSA-released, the free industry standard), IDA Pro (Hex-Rays, the commercial industry standard $$), x64dbg (Windows debugger), radare2 + Cutter (open-source RE; Cutter is the radare2 UI), Binary Ninja (commercial, a modern alternative), Hopper (macOS / iOS focused). Cloud pentesting (rising since 2024): Pacu (Rhino Security Labs; AWS exploitation framework), ScoutSuite (multi-cloud audit), CloudSploit, WeirdAAL (AWS attack library), CredKing (Azure AD password spray), ROADtools (Azure AD reconnaissance, a must for Azure AD pentests), MicroBurst (PowerShell Azure attack scripts). Reconnaissance: amass (OWASP; comprehensive subdomain enumeration), subfinder (ProjectDiscovery; fast subdomain enumeration), assetfinder, httpx (ProjectDiscovery; HTTP probe), waybackurls + gau (Get All URLs: Wayback Machine + AlienVault OTX + Common Crawl), Shodan + Censys (internet asset search, a must-have subscription), theHarvester (OSINT collection of emails + employees), Maltego (graph-based OSINT, premium-tier reconnaissance). Reporting tools: Pwndoc (open-source pentest report generator), Dradis (commercial / community), SysReptor (open-source, rising since 2024), Markdown templates / custom workflows.
Bug bounty platforms (overlap with AppSec): HackerOne (the largest), Bugcrowd, Intigriti (European), YesWeHack (French), Synack Red Team (vetted premium), Standoff Bug Bounty (Positive Technologies; the largest in Russia), Bug Bounty Russia. AI-assisted pentesting (rising since 2024): PentestGPT, HackerAI tools, GPT-4 / Claude for exploit development assistance + code review automation. Certification path: OSCP (Offensive Security Certified Professional; the entry-level industry standard, a must for credibility), OSEP (Experienced Pentester, advanced), OSWE (Web Expert, best for AppSec-leaning pentesting), OSED (Exploit Developer, advanced binary exploitation), OSCE3 (umbrella for OSEP + OSWE + OSED). GIAC: GPEN, GWAPT, GXPN. CRTO (Certified Red Team Operator, Zero-Point Security, rising since 2024). Languages: Python as primary (custom exploits + automation), bash + PowerShell mastery, C / C++ for binary exploitation, JavaScript for web exploitation, assembly for reverse engineering. According to Zorky CRM, there are 11 active openings with explicit pentest specifics (the real pool is wider because of consultancy roles, and independent bug bounty hunters are not counted), with a median of $4528/month. Top stack: go, rails, scala. 50.0% are remote. Senior Pentester: $5500-9500/month; in Russian security consultancies (BI.ZONE / PT / Mandiant): $6500-10000; international premium consultancies (Mandiant / CrowdStrike Services / Bishop Fox / NCC Group): $9000-15000+ for Senior; top bug bounty hunters: $100K-500K+/year from payouts (independent lifestyle).
Comparison with other specializations
Within the Security area there are 7 specializations. The current one (Penetration Tester / Red Team) is highlighted in blue; compare it with its neighbours by number of open vacancies and median salary.
Demand dynamics
Pentesting is a narrow specialty with a rare-skill premium in 2026. Drivers: regulatory mandates (the Central Bank of Russia + Federal Laws 152-FZ and 187-FZ require periodic pentests for critical infrastructure and banks), awareness of supply chain attacks (SolarWinds / Log4Shell and similar incidents push enterprises toward continuous pentesting), security of AI-generated code (code generated by GitHub Copilot requires pentesting), growth of cloud-native pentesting (Pacu + ROADtools + container escape research), and the scaling of bug bounty programs. Russian security consultancies (BI.ZONE / Positive Technologies / Kaspersky Lab / Solar / Group-IB-FACCT / USSC) are the largest pentest employer channel in the CIS. International premium consulting (Mandiant / CrowdStrike Services / Bishop Fox / NCC Group / Trail of Bits / Synack Red Team) is the fully remote premium segment.
How many new vacancies appear each week.
Distribution by level: dynamics
How the share of Junior/Middle/Senior/Lead in open vacancies changes week by week. A trend toward Senior is usually a sign of a "mature" market for the specialization, where companies look for ready-made specialists; the opposite, growth in Junior, signals expansion and building teams from scratch.
Share of each level as a % of all vacancies with a stated grade for the week.
Salary by level
Junior, typical entry: self-taught + HackTheBox / TryHackMe + OSCP + bug bounty findings (1-2 years) → Junior Pentester. Career flow: self-taught + bug bounty / graduate + OSCP → Junior Pentester (1-2 years) → Middle (2-3 years) → Senior → then either Lead Pentester (team management), or Red Team Operator (premium consultancy + Cobalt Strike mastery), or a deep specialty (Mobile / Cloud / Hardware / Web), or full-time Bug Bounty Hunter (independent lifestyle), or a pivot to Senior AppSec (the preventive side).
Median salary (USD/month) at each grade + increase over the previous one.
The biggest pay jump is between Senior and Lead (+58.2%).
Salary distribution: dynamics
The median Pentester salary is $4528/month, a premium segment for a rare skill. Most vacancies are $5-9K. $9K+: Senior with OSCP + multi-domain expertise. $11K+: Senior in Russian security consultancies + banks + the Red Team specialty. $13K+: Senior in international premium consultancies (Mandiant / CrowdStrike Services / Bishop Fox / NCC Group / Trail of Bits / Synack Red Team) or Big 4 cybersecurity. $14K+: Big Tech offensive teams (Google Project Zero / Apple SEAR / Meta Red Team / Microsoft MORSE; extremely rare hiring). Top bug bounty hunters: $100K-500K+/year from independent payouts.
What share of vacancies each price range takes, week by week.
65% of vacancies fall in the $5–8K range (this is the core market). The high segment, $8K+, is 23%: usually US-remote or senior international roles.
Hiring geography
The leader by number of Pentester vacancies is EN (5 positions). Russia: Russian security consultancies (BI.ZONE / Positive Technologies EXPERT Security Center / Kaspersky Lab GReAT / Group-IB-FACCT / Solar / USSC / Cyber Defense Center / Angara Security) + internal pentest teams at banks + Yandex Red Team + EPAM Security dominate. Poland: a pentest-friendly EU hub. Germany: Berlin AI cluster + Munich enterprise + OffensiveCon conference hub. UK: London (NCC Group HQ). There is a large international remote segment through Mandiant / CrowdStrike Services / Bishop Fox / NCC Group / IOActive / Trail of Bits / TrustWave / Synack Red Team + Big 4 cybersecurity (KPMG / Deloitte / PwC / EY).
Distribution of vacancies by country.
These numbers reflect the distribution across the sources we parse. Poland often looks dominant because of dense coverage by NoFluffJobs / JustJoin.it / Pracuj: the Polish IT market really is large, but in our sample its share is overestimated relative to the real volume of all IT vacancies in the region. The same goes for the other top countries: this is "where our parsers look", not "the true size of the market".
Remote / Hybrid / Office: dynamics
50.0% of Pentester vacancies are remote or hybrid, but with caveats: internal network pentests often require on-site presence + physical hardware shipment, and security clearances are mandatory for defense and banks. Red Team Operator engagements are more often remote (maintaining C2 from home is fine), but client debriefs are hybrid. Bug Bounty Hunters can be fully independent (a fully remote lifestyle). International premium consultancies: full remote is standard. Big 4 cybersecurity: hybrid with client visits. Big Tech offensive teams: hybrid is standard.
How the share of each work format changes week by week.
89% are remote. The specialization is well adapted to the remote format.
Top in-demand technologies
Top Pentester stack 2026: OS (Kali Linux as the industry standard + Parrot OS + BlackArch + Commando VM for Windows), Web App pentest (Burp Suite Professional mastery + Caido, a modern Burp alternative rising since 2024 + OWASP ZAP + sqlmap + ffuf + gobuster + Nuclei, the templated leader of 2026 + Postman / Insomnia for APIs), Network pentest (Nmap mastery + Masscan + Wireshark + Responder + NetExec for Windows/AD + Impacket + BloodHound AD attack paths + PowerView/PowerSploit + mitm6 + Certify/Certipy AD CS attacks, rising), Exploitation (Metasploit as the foundation + Cobalt Strike premium commercial C2 + Sliver/Mythic/Havoc/Brute Ratel open-source/alternative C2 + Empire, legacy), Mobile pentest (MobSF + Frida + Objection + apktool + jadx + Hopper + Ghidra + IDA Pro + Charles Proxy / mitmproxy + Drozer), Wireless (Aircrack-ng + Kismet + Wifite + Hashcat on GPU + John the Ripper on CPU), Reverse engineering (Ghidra, free from the NSA + IDA Pro, the commercial industry standard + x64dbg + radare2/Cutter + Binary Ninja + Hopper for macOS/iOS), Cloud pentest, rising since 2024 (Pacu for AWS + ScoutSuite + CloudSploit + WeirdAAL + ROADtools, a must for Azure AD + MicroBurst), Reconnaissance (amass + subfinder + assetfinder + httpx + waybackurls + gau + Shodan + Censys + theHarvester + Maltego, premium), Bug Bounty platforms (HackerOne, the largest + Bugcrowd + Intigriti, European + YesWeHack, French + Synack Red Team, vetted + Standoff, the Russian leader from PT), AI-assisted pentesting, rising since 2024 (PentestGPT + HackerAI + GPT-4 / Claude for exploit development), Reporting (Pwndoc + Dradis + SysReptor, rising since 2024 + Markdown), Certifications: OSCP as the entry must-have + OSEP advanced + OSWE web + OSED exploit dev + OSCE3 umbrella + GIAC (GPEN/GWAPT/GXPN) + CRTO, rising since 2024, Languages (Python as primary + bash + PowerShell + C/C++ for binary exploitation + JS for web exploitation + assembly for reverse engineering).
Technology combinations
Frequent pairings: Burp Suite Pro + Nmap + Metasploit + Kali Linux (the foundational pentest quad), Cobalt Strike + Sliver + Mythic (the C2 trio for Red Team), NetExec + Impacket + BloodHound + PowerSploit (the Active Directory pentest stack), Frida + MobSF + apktool + jadx (the mobile pentest stack), Ghidra + IDA Pro + x64dbg (the reverse engineering trio), Pacu + ROADtools + ScoutSuite (the cloud pentest stack), amass + subfinder + httpx + Nuclei (recon + scanning automation for bug bounty), HackerOne + Bugcrowd + Intigriti (multi-platform bug bounty). Learning roadmap: Linux + networking + deep Python → OWASP Top 10 + Web Hacker's Handbook → PortSwigger Web Security Academy (must-do) → HackTheBox, 50+ machines → TryHackMe AD path → OSCP cert (a must) → hands-on bug bounty (HackerOne / Standoff) → mobile pentest (MobSF + Frida) → cloud pentest (Pacu + ROADtools) → reverse engineering basics (Ghidra) → CRTO / OSEP advanced certs → CVE / 0-day research (the premium path) → pet-project portfolio (HackTheBox profile + bug bounty reputation + a custom Burp extension).
Which pairs of technologies most often appear together in a single vacancy.
Where we see these vacancies
Pentester vacancies: hh.ru (Russian security consultancies + banks), Habr Career, getmatch, Djinni, LinkedIn (the international pentest segment through Mandiant / CrowdStrike / Bishop Fox / NCC Group / Big 4), NoFluffJobs / JustJoin.it (Poland), Telegram (@pentest_ru, @bug_bounty_ru, @hackmyass, @cybersec_jobs, @security_ru), career sites of Russian consultancies (bi.zone / ptsecurity.com / kaspersky.com / solar.ru / group-ib.com, now facct.ru / cdc.team), specialized boards (cybersecjobs.com / infosec-jobs.com / cyberseek.org), HackerOne / Bugcrowd / Intigriti / Synack careers (internal Red Team), Y Combinator security startups, OffSec Discord #hiring, DEF CON / Black Hat / PHDays career fairs, OffSec / Zero-Point / SANS alumni networks.
Penetration Tester / Red Team vs other areas
Pentester overlaps with Red Team Operator (a specialization, 60% overlap), Bug Bounty Hunter (a similar offensive mindset, 70% overlap, different engagement), AppSec (the preventive side, 40% overlap), DFIR / Incident Response (the defensive side, but a similar attacker mindset), Security Engineer (defensive), Reverse Engineer / Malware Analyst (related skills). For a comparison with security-engineer/appsec/cloud-security/iam/soc/network-security, see the sibling-specializations chart above.
Volume of open vacancies by IT area.
Fresh vacancies
Fresh open Pentester vacancies: the latest 10 positions with an acceptable quality of description. The full list is in our CRM or via the "see all" link below.
Frequently asked questions
The most frequent questions about Pentesters: salaries (a premium for a rare skill; OSCP / OSEP / bug bounty reputation drive the premium), Pentester vs Red Team vs Bug Bounty Hunter vs AppSec (4-way comparison + overlap heatmap), pentest methodology 2026 (12 stages: pre-engagement → recon → exploitation → reporting → retest), how a Red Team Operator differs (Cobalt Strike + APT emulation + deep EDR evasion), remote work (with caveats: internal networks require on-site presence + security clearances for defense), how to become one (self-taught + 1-2 years of bug bounty + OSCP → Junior Pentester), Senior skills (deep programming + AD attack mastery + cloud pentest + Cobalt Strike + EDR evasion + OPSEC + customer-facing skills + published CVEs / 0-days as a premium). The answers are recalculated automatically.
How much does a Pentester earn in 2026?
The Pentester median is $4528/month according to Zorky CRM (11 active vacancies; a narrow specialty owing to rare skills, a consultancy-heavy market and independent bug bounty hunters). It is a premium segment because of the rare skill combination (offensive mindset + programming + multiple specialties). Senior with OSCP + multi-domain expertise (web + network + AD): $6500-9500. Senior in Russian security consultancies (BI.ZONE, the most active Russian pentest consultancy + Positive Technologies EXPERT Security Center + Group-IB / FACCT + Kaspersky Lab Red Team + Solar (MTS RED) + USSC): $7000-10500. Senior in Russian banks (internal pentest teams): $7000-10500. International premium consultancies (Mandiant Google / CrowdStrike Services / Bishop Fox / NCC Group UK / IOActive / Trail of Bits / TrustWave / Coalfire / Synack Red Team / Big 4 cybersecurity: KPMG / Deloitte / PwC / EY): $9000-15000+ for Senior. Big Tech offensive teams (Google Project Zero / Apple SEAR / Meta Red Team / Microsoft MORSE): $14000-25000+ for Senior + RSU (extremely rare hiring). Top bug bounty hunters: $100K-500K+/year from HackerOne / Bugcrowd / Standoff payouts (independent lifestyle). Premium add-ons: OSCP +20-30% (entry credibility), OSEP / OSED / OSCE3 +20-40%, OSWE for a web focus +15-25%, CRTO +15-25%, published CVEs / 0-days +30-100% (rare-skill premium), HackerOne / Bugcrowd top-100 reputation +20-50%.
What is the salary of a Junior, Middle, Senior and Lead Pentester?
Junior, typical entry: 1) self-taught + HackTheBox / TryHackMe + OSCP cert + bug bounty findings → Junior at a consultancy, 2) Computer Science / Cybersecurity graduate + internship at a security consultancy, 3) Middle SOC Analyst / AppSec / DevSecOps + a pivot to an offensive specialization. The jump from Junior to Middle comes after the first 10-20 real pentest engagements + OSCP cert + a first high-severity bug bounty finding. Middle → Senior: multi-domain expertise (web + network + AD + mobile + cloud), leading complex multi-vector engagements, customer-facing report defense, methodology development. Senior → Lead / Principal: team leadership + internal tooling development + customer relationship management. Career flow: self-taught + bug bounty (1-2 years) or graduate + OSCP (1 year) → Junior Pentester (1-2 years) → Middle (2-3 years) → Senior → then either Lead Pentester (team management), or Red Team Operator (the premium consultancy track: Cobalt Strike mastery + APT emulation), or a deep specialty (Mobile / Cloud / Hardware / Web, premium), or full-time Bug Bounty Hunter (independent lifestyle), or a pivot to Senior AppSec (the preventive side).
How much are Pentesters paid in Moscow, St. Petersburg and remotely?
Moscow, Senior Pentester: $6500-10000/month (security consultancies dominate: BI.ZONE (the most active Russian pentest consultancy: Red Team / Pentest / DFIR services), Positive Technologies (PT EXPERT Security Center, the largest pentest team in Russia + Standoff Cyber Range, a premium employer), Group-IB / FACCT (DFIR + Red Team), Kaspersky Lab Red Team (Kaspersky GReAT, the Global Research & Analysis Team, premium APT research), Solar (MTS RED) (Solar Pentest), USSC, InfoSecurity, ICL Services, R-Vision; Russian banks with internal pentest teams + external engagements (Sber.Tech / Tinkoff / VTB / Alfa / Gazprombank); Yandex Red Team / Hunters; Sber Cyber Defense Center). St. Petersburg: $6000-9500. Minsk/Kyiv: $5500-9000 for Senior. Poland: €7000-11000 gross for Senior. Germany: €80-120K/year for Senior. 50.0% are remote (often hybrid because of client-facing engagements + security clearances for defense / government entities). Outsourcers (EPAM Security / Luxoft Security Red Team Practice) are almost always remote, $7500-12000 for Senior on US pentest projects. International premium consultancies (Mandiant Google, DFIR + Red Team / CrowdStrike Services / Bishop Fox / NCC Group UK / IOActive / Trail of Bits / TrustWave / Coalfire / Synack Red Team): full remote, $9000-15000+ for Senior. Big 4 cybersecurity: KPMG / Deloitte / PwC / EY, $8000-13000 for Senior, premium ascending. Big Tech offensive teams (Google Project Zero, which hires only top researchers with published 0-days / Apple SEAR / Meta Red Team / Microsoft MORSE, Microsoft Offensive Research and Security Engineering): $14000-25000+ for Senior + RSU. Independent bug bounty hunters: top-tier hunters by HackerOne reputation earn $100K-500K+/year in payouts (several top Russian hunters are in the global top 50, which is public information). Premium add-ons for OSCE3 holders (OSEP + OSWE + OSED) + published CVEs / 0-days: $11000-18000+ for Senior on international remote.
Which stack is most often required of a Pentester?
Top 5: go, rails, scala. OS: Kali Linux (the industry-standard pentest distribution, 600+ pre-installed tools) + Parrot OS / BlackArch (alternatives) + Commando VM (a Windows pentest distribution). Web application pentesting: Burp Suite Professional mastery (PortSwigger; the industry standard for manual pentesting: Burp Collaborator for blind vulnerabilities, Burp Intruder for fuzzing, Burp Repeater for request manipulation, the Burp Extensions ecosystem; a must-have license at $449/year, BAppStore with 250+ extensions), Caido (rising since 2024; a modern Rust-based alternative with better UX), OWASP ZAP (the free standard), sqlmap (SQL injection automation), ffuf (the fastest content discovery, Go-based), gobuster + feroxbuster, Nuclei (ProjectDiscovery; a templated vulnerability scanner, the 2026 leader for bug bounty automation), Postman + Insomnia for API testing. Network pentesting: Nmap mastery (network discovery + version detection + NSE scripting in Lua), Masscan (the fastest port scanner), Wireshark + tcpdump (packet analysis), Responder (Windows protocol abuse: LLMNR / NBT-NS / mDNS poisoning), NetExec (formerly CrackMapExec; the Windows / AD Swiss Army knife), Impacket mastery (smbexec / wmiexec / psexec / GetUserSPNs / secretsdump / ntlmrelayx; a must for AD), BloodHound (Active Directory attack path visualization, a must for AD assessment, Neo4j-based), PowerView / PowerSploit (PowerShell AD recon + exploitation), mitm6 (IPv6 DNS spoofing), Certify / Certipy (AD Certificate Services attacks, ESC1-ESC11, rising since 2022). Exploitation frameworks: Metasploit Framework (Rapid7; foundational, 2000+ exploits), Cobalt Strike (Fortra; premium commercial C2 $$, the industry standard for Red Team, $5000/user/year, malleable C2 profiles for evasion), Sliver (BishopFox; modern open-source C2, rising since 2024, with a big Russian-speaking community), Mythic (modular C2), Havoc (modern open-source C2, popular in the Russian-speaking community), Brute Ratel (a commercial Israeli alternative), Empire / Starkiller (PowerShell C2, legacy).
Mobile pentesting: MobSF (Mobile Security Framework; open-source automated mobile app analysis), Frida (dynamic instrumentation, with JavaScript scripts for runtime modification), Objection (a Frida wrapper), apktool + jadx (Android RE), Hopper + Ghidra + IDA Pro (iOS RE), Charles Proxy + mitmproxy (mobile traffic + SSL pinning bypass via Frida scripts), Drozer (Android security framework). Wireless: Aircrack-ng suite (the Wi-Fi cracking standard) + Kismet + Wifite + Hashcat (GPU-accelerated password cracking, the fastest; an NVIDIA RTX 4090 cluster works well) + John the Ripper (a CPU-focused alternative). Reverse engineering: Ghidra (NSA-released, the free industry standard) + IDA Pro (Hex-Rays, the commercial industry standard $$, with the Hex-Rays Decompiler add-on essential) + x64dbg (Windows debugger) + radare2 + Cutter (open-source) + Binary Ninja (modern commercial) + Hopper (macOS / iOS). Cloud pentesting (rising since 2024): Pacu (Rhino Security Labs; AWS exploitation framework), ScoutSuite + CloudSploit, WeirdAAL (AWS attack library), CredKing (Azure AD password spray), ROADtools (Azure AD recon, a must for Azure AD pentests), MicroBurst (PowerShell Azure attacks). Reconnaissance: amass (OWASP; comprehensive subdomain enumeration) + subfinder (ProjectDiscovery; fast) + assetfinder + httpx (HTTP probe) + waybackurls + gau (URL harvester for Wayback Machine + AlienVault OTX + Common Crawl), Shodan + Censys (internet asset search; a must-have subscription, $100-500/month for serious pentesters), theHarvester (OSINT email collection), Maltego (graph-based OSINT, premium-tier). Bug bounty platforms: HackerOne (the largest, US) + Bugcrowd + Intigriti (European) + YesWeHack (French) + Synack Red Team (vetted premium) + Standoff Bug Bounty (PT; the largest in Russia) + Bug Bounty Russia. AI-assisted pentesting (rising since 2024): PentestGPT + HackerAI + GPT-4 / Claude for exploit development assistance + automated reconnaissance.
Reporting: Pwndoc (open-source generator) + Dradis (commercial / community) + SysReptor (rising since 2024) + Markdown templates / custom workflows + screenshot tools (Flameshot / ShareX). Languages: Python as primary (custom exploits + automation + Burp extensions) + bash + PowerShell mastery + C / C++ for binary exploitation + JavaScript for web exploitation (XSS / prototype pollution) + assembly basics for reverse engineering.
Pentester vs Red Team vs Bug Bounty Hunter vs AppSec: what is the difference?
Pentester (this page): focus on scoped active exploitation (web / network / mobile / cloud). Typical engagement: 5-15 days, a defined scope (specific URLs / IPs / mobile apps), and the goal of finding vulnerabilities + demonstrating exploitation + reporting. Often consultancy-based (BI.ZONE / PT / Mandiant). Salaries: $4500-9500. Red Team Operator: focus on adversarial simulation: APT (Advanced Persistent Threat) emulation, stealth-first, multi-week / multi-month engagements, with the goal of testing defenses end-to-end (initial access → lateral movement → privilege escalation → data exfiltration → C2). Stack-specific: Cobalt Strike / Sliver mastery + custom C2 profiles + EDR evasion + OPSEC awareness. A premium-tier specialty. Salaries: $7000-12000 for Senior. Bug Bounty Hunter: independent or on the employed side. Focus on finding unique vulnerabilities in public / private bug bounty programs (HackerOne / Bugcrowd / Standoff). Income = payouts ($500-50K+ per finding, $100K+ for critical ones). Independent lifestyle (top tier: full-time without an employer). Often a web / mobile / API focus. AppSec Engineer: focus on preventive security of product code: SAST findings triage + threat modelling + secure code review. A defensive perspective. See Application Security (AppSec). Salaries: $5500-10000. Reality 2026 (overlap heatmap): Pentester ↔ Red Team: 60% overlap (Red Team is a specialization of Pentest). Pentester ↔ Bug Bounty: 70% overlap (a similar offensive mindset, a different engagement model). Pentester ↔ AppSec: 40% overlap (both think offensively, but AppSec is preventive while Pentest is active exploitation). Career pivots: Senior Pentester → Red Team Operator: 6-12 months (requires adding Cobalt Strike mastery + EDR evasion + APT TTPs). Senior Pentester → Senior AppSec: 3-6 months (translating offensive intuition into defensive code review). Bug Bounty Hunter → employed Pentester: easy (the résumé is the bug bounty reputation).
Career choice: Pentester (employed) if you want structured work + a stable income + a variety of engagements + customer-facing skills; Red Team (consultancy) if you want the elite premium tier + deep APT emulation + Cobalt Strike mastery and travel is OK; Bug Bounty Hunter if you like deep solo hunting + lifestyle flexibility, are comfortable with income variance and are risk-tolerant; AppSec if the preventive side + collaboration with product engineering interests you.
Pentest methodology 2026: recon → exploit → report (12 stages)?
Reference pentest methodology 2026 (a hybrid of PTES, the Penetration Testing Execution Standard, + the OWASP Testing Guide + NIST SP 800-115): 1) Pre-engagement: scope definition (in-scope IPs / domains / mobile apps / cloud accounts + out-of-scope items), Rules of Engagement (ROE: what is allowed / forbidden, working hours, customer contacts), legal agreements (SOW + NDA + indemnification), test environment setup (test accounts + VPN access). Mandate: never start without written authorization. 2) Reconnaissance (passive): OSINT (open-source intelligence): subdomain enumeration (amass + subfinder + crt.sh certificate transparency logs), Shodan / Censys queries for exposed services, theHarvester for employee emails, social media mining (LinkedIn / Twitter, for phishing pretexts), Wayback Machine / Common Crawl for historical artifacts. 3) Reconnaissance (active): Nmap scanning (TCP + UDP + version detection + NSE scripts), Masscan for large ranges, web crawling (Burp Spider + manual), API discovery (Swagger / OpenAPI / GraphQL introspection), wireless reconnaissance (Kismet + Aircrack-ng) if there is physical scope. 4) Vulnerability identification: Nuclei templated scanning, manual testing with Burp Suite Pro, mobile static analysis (MobSF + jadx + Hopper), cloud configuration analysis (ScoutSuite + Prowler), credential password spraying (NetExec / Hydra), default credentials testing. 5) Threat modelling per finding: for each identified vulnerability, severity assessment (CVSS 3.1 base + temporal + environmental), exploitability analysis, business impact estimation. 6) Exploitation: proof-of-concept (PoC) development demonstrating real impact (as opposed to theoretical). Web: SQLi + XSS + IDOR + SSRF + RCE chains. Network: AD attacks (Kerberoasting + ASREPRoasting + AS-REP + DCSync + Golden Ticket / Silver Ticket + AD CS ESC1-11). Mobile: SSL pinning bypass + sensitive data extraction + IPC abuse. Cloud: IAM privilege escalation + cross-account attacks.
7) Post-exploitation (if in scope): lateral movement (Impacket + BloodHound paths + pass-the-hash + pass-the-ticket), privilege escalation, persistence (if in Red Team scope), data discovery (file system + databases + cloud storage). 8) C2 (Red Team specific): Cobalt Strike / Sliver beacon establishment + AMSI bypass + EDR evasion + DNS / HTTPS / SMB pivoting. 9) Evidence collection: screenshots + command logs + HAR files + Burp project files + video recording for complex chains. Maintain chain of custody (legal compliance). 10) Reporting: a comprehensive report with an executive summary + methodology + findings (severity-ranked) + PoC reproductions + business impact analysis + remediation recommendations + retest plan. Tools: Pwndoc + Dradis + SysReptor. 11) Customer presentation: a debrief meeting with technical + management audiences. Customer-facing skills are critical. 12) Retest (typically 30-90 days post-report): verify that remediations are effective + update the report. Cross-cutting: OPSEC (Operations Security) is Red Team-specific (no traces, no false positives, no production-impacting actions without authorization). Communication: regular customer check-ins (a daily standup for multi-week engagements). Methodology frameworks: PTES (the oldest), OWASP WSTG (Web Security Testing Guide, the most detailed for web), MITRE ATT&CK (categorization of TTPs), NIST SP 800-115 (the US government standard). A Senior Pentester should know all the frameworks and adapt the methodology to each engagement's scope.
Can you work as a Pentester remotely?
Yes, 50.0% of Pentester vacancies are fully remote or hybrid, but with caveats: 1) Most pentest work is cloud-based (the test target is accessible over VPN), but 2) internal network pentests often require on-site presence or physical hardware shipment (Wi-Fi pentests + USB-based attacks + physical security assessments for defense / government entities / banks). 3) Red Team Operator engagements are more often remote (long-term C2 maintenance from home is fine), but client-facing debriefs are hybrid. 4) Bug Bounty Hunters can be fully independent (a fully remote lifestyle on bug bounty payouts); top-tier hunters travel often (DEF CON / Black Hat / pwn2own / local conferences). 5) Security clearances for defense / state-owned companies in Russia + the US (if international remote): on-site is mandatory. Russian security consultancies (BI.ZONE / PT EXPERT Security Center / Kaspersky Lab Red Team / Solar / USSC): hybrid or remote after a security background check (extensive; it can take 2-6 months). Russian banks: internal pentest teams are hybrid/office. International premium consultancies (Mandiant / CrowdStrike Services / Bishop Fox / NCC Group / IOActive / Trail of Bits / TrustWave / Synack Red Team): full remote is standard. Big 4 cybersecurity (KPMG / Deloitte / PwC / EY): hybrid with client visits. Big Tech offensive teams (Google Project Zero / Apple SEAR / Meta Red Team / Microsoft MORSE): hybrid is standard, extremely rare hiring. Relocation hubs for pentesting: the US (Bay Area + DC defense cluster + DEF CON-friendly Las Vegas) / UK (London, NCC Group HQ) / Germany (Berlin AI cluster + security consultancies) / Canada / Serbia / Georgia. English is a must for international remote pentesting (DEF CON / Black Hat / Hack in Paris / OffSec OSCP / vendor docs for Burp Suite / Cobalt Strike are all in English).
How does a Red Team Operator differ from a regular Pentester?
Pentester (general) — scoped engagement: customer says «pentest these 10 web apps + these 5 IP ranges», goal — find as many high-severity vulnerabilities as possible in 5-15 days, comprehensive report. Stack: Burp Suite + Nmap + Metasploit + Nuclei + Kali Linux. Red Team Operator — adversarial simulation: customer says «assume initial access, see how far you get without being detected by SOC team», goal — test defenses end-to-end, stealth-first, multi-week / multi-month engagement. Stack-specific: Cobalt Strike (industry standard — premium commercial $5000/user/year) or Sliver / Mythic / Havoc / Brute Ratel (modern alternatives) — C2 mastery + malleable profiles for EDR evasion + custom obfuscation + OPSEC-aware. Multi-stage attack chains: 1) initial access (phishing / supply chain / exposed services / 0-day exploitation), 2) establish C2 beacon, 3) reconnaissance (BloodHound + ADExplorer + custom enumeration), 4) privilege escalation (Windows: token manipulation + UAC bypass + service abuse + AD CS ESC1-11; Linux: SUID + capabilities + Docker breakout + kernel exploits), 5) lateral movement (Pass-the-Hash + Pass-the-Ticket + WMI + PSRemoting + RDP), 6) persistence (scheduled tasks + WMI subscription + DLL sideloading + ADCS ESC8 — DA escalation persistence), 7) data discovery + exfiltration (cloud storage + databases + file shares — exfil over DNS / HTTPS / Slack webhooks). EDR evasion mastery: AMSI bypass, ETW bypass, syscalls direct invocation (Hell's Gate / Halo's Gate / SysWhispers), payload obfuscation (Donut + Inceptor + Scarecrow), shellcode encryption + runtime decryption. OPSEC discipline: no fingerprinted commands, no production-impacting actions, no traces in logs (ETW disable + named pipe communication + in-memory only).
Premium-tier consultancies: Mandiant / CrowdStrike Services / Bishop Fox / IOActive / Trail of Bits / Synack Red Team / in Russia — BI.ZONE Red Team / Kaspersky Lab GReAT (Global Research & Analysis Team) / PT EXPERT Security Center Red Team. Certifications: OSEP (Offensive Security Experienced Pentester — best for Red Team) + CRTO (Certified Red Team Operator — Zero-Point Security — rising 2024+) + CRTL (Lead). Salaries: Red Team Operator — a premium of +20-40% over a general Pentester. Senior Red Team — $8000-13000 at Russian consultancies, $10000-16000+ international. Career-flow: Pentester Senior + Cobalt Strike mastery + APT TTPs studied + first Red Team engagement → Red Team Operator — 6-12 months.
Which companies are actively hiring Pentesters?
At the top: BI.ZONE, Positive Technologies, Mandiant. Russian security consultancies (the largest pentest employer channel in the CIS): BI.ZONE (most active Russian pentest consultancy — Red Team / Pentest / DFIR / Threat Intelligence services), Positive Technologies (PT EXPERT Security Center — the largest pentest team in Russia + Standoff Cyber Range, a premium employer for top researchers), Group-IB / FACCT (DFIR + Red Team services after the split), Kaspersky Lab (Kaspersky GReAT — Global Research & Analysis Team — premium APT research), Solar (MTS RED) (Solar Pentest), USSC (ЮССК — a large security consultant), InfoSecurity, ICL Services, R-Vision, Cyber Defense Center (CDC), Angara Security. Russian banks (internal pentest teams + external Red Team engagements): Sber.Tech (Cyber Defense Center — internal pentest), Tinkoff, VTB, Alfa-Bank, Gazprombank, Raiffeisen, MKB. Yandex (Yandex Red Team + Yandex Bug Bounty + Hunters). Other Russian tech: Ozon / VK / Wildberries / X5 Group / MTS internal Red Teams. State-owned companies / defense: RTK / Rostelecom / Gazprom / Rosneft / Atomenergoproekt / Rosatom (specialized clearances required). Outsourcers (less common for pure pentest, which usually goes to separate consultancies): EPAM Security Practice (has a pentest sub-team) / Luxoft Security. International premium consultancies (full-remote premium): Mandiant (Google — DFIR + Red Team services — leader), CrowdStrike Services (Red Team + Incident Response), Bishop Fox (US — pentest leader), NCC Group (UK — global pentest leader), IOActive (US — hardware + IoT pentest specialty), Trail of Bits (US — research-heavy + blockchain security), TrustWave, Coalfire, Rapid7 Services, Synack Red Team (vetted premium — researchers earn payouts + base salary). Big 4 cybersecurity: KPMG / Deloitte / PwC / EY — pentest divisions (enterprise consulting). Bug bounty platforms (internal hiring): HackerOne (largest) / Bugcrowd / Intigriti / Synack — internal Red Team / Triage teams.
Big Tech offensive teams (extremely rare hiring — top-tier): Google Project Zero (only top researchers with published 0-days), Apple SEAR (Security Engineering and Architecture), Meta Red Team, Microsoft MORSE (Microsoft Offensive Research and Security Engineering), Amazon Offensive Security. Y Combinator security startups: Hadrian / Pentera / Cymulate (automated pentest platforms — also hire pentesters for their product). Independent Bug Bounty: top-tier HackerOne hunters are lifestyle-independent — $100K-500K+/year in payouts.
Where to start in Pentest in 2026?
Roadmap: 1) Foundation — Linux mastery + Windows internals + networking deep (TCP / UDP / DNS / HTTP / TLS / routing) + Python deep + bash + PowerShell. Without this base there is no point going into pentest. 2) Cybersecurity fundamentals — OWASP Top 10 deep, CIA Triad, applied cryptography, common attack patterns. Book: «The Web Application Hacker's Handbook» Stuttard / Pinto (must-read despite age 2011). 3) HackTheBox + TryHackMe hands-on (must — best practical pentest training 2026). Start with easy boxes → medium → hard. Aim for 50+ boxes solved before applying for pentest jobs. 4) PortSwigger Web Security Academy (free — best web pentest training 2026, do all the labs). Get PortSwigger BSCP (Burp Suite Certified Practitioner) — premium web pentest cert. 5) Active Directory pentesting — TryHackMe AD path + HackTheBox Pro Labs Dante / Offshore / RastaLabs. Learn BloodHound + Impacket + NetExec mastery. «Hacking: The Art of Exploitation» Jon Erickson (classic). 6) OSCP (Offensive Security Certified Professional) — a must for pentest credibility. Hands-on 24-hour practical exam + 24-hour report. Cost ~$1500-2000 for course + exam. Prep: PWK course materials + HackTheBox + TryHackMe. Average prep: 3-6 months of focused study. 7) Bug bounty hands-on — register on HackerOne / Bugcrowd / Intigriti / Standoff (Russian). Start with public programs — focus on low-hanging fruit (CSRF + reflected XSS + IDOR + SSRF). Even small findings build reputation + resume. 8) Mobile pentesting (specialty): MobSF + Frida + apktool + jadx. OWASP Mobile Top 10. «OWASP MASTG» (Mobile Application Security Testing Guide — free). 9) Cloud pentesting (rising 2024+): Pacu + ROADtools + ScoutSuite. «Hands-On AWS Penetration Testing with Kali Linux» book. 10) Reverse engineering basics: Ghidra mastery (free) + practice Crackmes (crackmes.one) + reverse simple Windows malware.
11) Red Team progression: CRTO (Certified Red Team Operator — Zero-Point Security — rising 2024+, more affordable than OSEP), OSEP (Offensive Security Experienced Pentester — official advanced). Cobalt Strike learning (if employer-provided). 12) Advanced certs (premium path): OSWE (Web Expert), OSED (Exploit Developer — binary exploitation deep), OSCE3 (umbrella OSEP + OSWE + OSED — premium tier). GIAC: GPEN, GWAPT, GXPN — alternative track. 13) CVE / 0-day research (premium path) — find vulnerabilities in open-source software, responsibly disclose, publish advisories. Single published CVE — massive resume boost. 14) Pet-project portfolio: a) HackTheBox profile with 50+ machines + Pro Labs completion; b) bug bounty reputation on HackerOne / Bugcrowd / Standoff (target ≥100 reputation); c) Custom Burp Extension published on the BAppStore; d) Blog write-ups for published HackTheBox / TryHackMe / bug bounty findings. Courses in Russia: BI.ZONE Cybersecurity Academy (best Russian pentest training — has Red Team specialization), Positive Technologies Education (premium PT-specific training + Standoff Cyber Range), Securitm, HackerU Russia (legacy — disbanded in 2023 but materials are available), Pentestit (ЛК and pentestit.ru), Specialist (MGTU). International (eng) — Offensive Security: PWK / OSCP (must — industry standard), OSEP + OSWE + OSED (advanced), SANS courses (SEC560 / SEC542 / SEC660 — premium expensive), Zero-Point Security CRTO (Red Team — rising 2024+), Pentester Academy, INE (eLearnSecurity successor — eJPT / eCPPT / eWPT / eWAPT track — more affordable than OffSec). Books-must: «The Web Application Hacker's Handbook» Stuttard / Pinto, «Hacking: The Art of Exploitation» Jon Erickson, «Penetration Testing» Georgia Weidman (intro), «The Hacker Playbook» Peter Kim (series 1-3), «Red Team Field Manual (RTFM)» + «Blue Team Field Manual (BTFM)» (pocket references).
Communities: HackTheBox Discord, TryHackMe Discord, r/netsec, r/AskNetsec, r/HowToHack, r/cybersecurity, OffSec Discord, Telegram @pentest_ru, @bug_bounty_ru, @hackmyass. Conferences: DEF CON (Las Vegas — the largest hacker conference), Black Hat (Las Vegas + EU + Asia), OffensiveCon (Berlin), PHDays (Positive Hack Days — Moscow — the largest in Russia), ZeroNights (Russia), Standoff (PT live cyber-battle), RuCTF / RuCTFE (Russian CTF), pwn2own (Trend Micro — vulnerability competition with large cash prizes). Self-taught + 1-2 years bug bounty + OSCP → Pentester Junior.
How many Pentester vacancies are there in the CIS and Europe?
11 active open Pentester vacancies with explicit pentest specifics in our sample. The real market is wider because: 1) most Russian security consultancies (BI.ZONE / PT / Kaspersky Lab / Solar) often hire through internal referrals and their public job postings are scattered, 2) Bug bounty hunters are independent and are not counted in the job market, 3) Red Team Operator positions in Western consultancies (Mandiant / CrowdStrike / Bishop Fox) — premium-tier rare hiring, 4) Big Tech offensive teams (Google Project Zero / Apple SEAR) — extremely rare hiring (1-2 positions globally per year). True pentest dev jobs in the CIS + Europe are estimated at 100-500 active positions at any moment in 2026. Geography: EN, 🇷🇺 Russia, INT. Sources: hh.ru (Russian security consultancies + banks active), Habr Career, getmatch, Djinni, LinkedIn (the international pentest segment via Mandiant / CrowdStrike / Bishop Fox / NCC Group / Big 4), NoFluffJobs / JustJoin.it (Poland, pentest-friendly), Telegram (@pentest_ru, @bug_bounty_ru, @hackmyass, @cybersec_jobs, @security_ru), career sites of Russian consultancies (bi.zone / ptsecurity.com / kaspersky.com / solar.ru / cdc.team), specialized boards (cybersecjobs.com, infosec-jobs.com, cyberseek.org), HackerOne / Bugcrowd / Intigriti / Synack careers (internal Red Team + Triage teams), Y Combinator security startups, OffSec Discord #hiring, DEF CON / Black Hat / PHDays career fairs, OffSec / Zero-Point / SANS alumni networks. The real market is wider thanks to international remote work (Mandiant / CrowdStrike Services / Bishop Fox / NCC Group / Synack Red Team — full-remote-friendly). Time to fill a Senior Pentester role — 8-16 weeks (longer than general Security because of the rare skill set + extensive background checks + multi-round technical interviews with hands-on exploitation challenges).
What skills does a Senior Pentester need?
A Senior Pentester commands the full cycle of offensive security + technical leadership + customer-facing skills. Programming: Python deep (custom exploits + automation + Burp extensions + recon tools), bash + PowerShell mastery (Windows AD pentest), C / C++ for binary exploitation, JavaScript for web exploitation (XSS payloads + prototype pollution + DOM-based vulnerabilities), assembly basics for reverse engineering (x86 + x86_64 + ARM). Web App pentest mastery: Burp Suite Professional advanced (Burp Extensions authoring + Burp Collaborator integration + Burp Intruder + Burp Macros for authenticated multi-step flows), OWASP Top 10 + OWASP API Top 10 deep, modern web vulnerabilities (prototype pollution + JWT pitfalls + SSRF + GraphQL injection + WebSocket attacks + cache deception + HTTP request smuggling — advanced). Network pentest mastery: Nmap NSE scripting in Lua, Active Directory deep (Kerberoasting + ASREPRoasting + DCSync + Golden / Silver / Diamond / Sapphire Ticket + AD CS ESC1-11 + Constrained / Unconstrained Delegation abuse), Impacket mastery (smbexec + wmiexec + psexec + secretsdump + ntlmrelayx + GetUserSPNs + GetNPUsers), NetExec advanced (former CrackMapExec), BloodHound mastery (Cypher query authoring for custom attack paths), Responder advanced. Cloud pentest mastery: Pacu deep (AWS exploitation), ROADtools (Azure AD recon), AWS / Azure / GCP attack TTPs (IAM privilege escalation paths + cross-account attacks + lambda exploitation + container escape + cloud storage abuse). Mobile pentest mastery: MobSF + Frida advanced (custom JavaScript scripts for runtime modification + SSL pinning bypass for diverse anti-pinning implementations), apktool / jadx (Android RE deep), Hopper / Ghidra / IDA Pro (iOS RE). Reverse engineering: Ghidra advanced (custom scripts + Function ID database creation), IDA Pro + Hex-Rays Decompiler, x64dbg / WinDbg for dynamic analysis, malware analysis basics.
Exploitation: Metasploit advanced (custom module authoring in Ruby), Cobalt Strike mastery (if on the Red Team track — malleable C2 profiles authoring + Aggressor scripts in the Sleep language + custom payload generation), Sliver / Mythic / Havoc alternative C2. EDR evasion mastery (Red Team-specific): AMSI bypass + ETW bypass + direct syscalls (SysWhispers + Hell's Gate + Halo's Gate), payload obfuscation (Donut + Inceptor + Scarecrow + Freeze), shellcode encryption + runtime decryption, sleep obfuscation, parent PID spoofing. OPSEC discipline: command sanitization (no whoami / ipconfig — fingerprinted), named pipe communication, in-memory only operations, log-clean methodology. Methodology mastery: PTES + OWASP WSTG + OWASP MASTG + NIST SP 800-115 + MITRE ATT&CK Navigator usage for engagement scoping. Reporting mastery: clear technical writing for executives + reproducible PoC documentation + remediation recommendations + retest verification. Customer-facing presentation skills. Tooling development: build internal pentest tools (Python / Go), Burp extension authoring + publication on the BAppStore. Soft: customer relationship management (multi-stakeholder communication), scope negotiation, ethical decision-making (when to stop / pivot / escalate), legal awareness (computer fraud / abuse laws + chain-of-custody), mentoring Junior pentesters. English is a MUST for Senior+: the pentest community / OffSec / DEF CON / Black Hat / vendor docs (Burp Suite / Cobalt Strike) are entirely in English.
Optional bonus: published CVEs / 0-days (massive resume boost — publication on exploit-db.com / NVD / vendor advisories), top-tier bug bounty reputation (HackerOne top-100 / top-50), conference talks (DEF CON / Black Hat / OffensiveCon / PHDays / pwn2own wins), open-source contributions to pentest tools (Metasploit modules / Burp Extensions / Nuclei templates / Nmap NSE scripts) — these sharply raise market value when frontier-pentest companies (Mandiant / Bishop Fox / Trail of Bits / Google Project Zero) are hiring.
How we calculate
- Data period: in the hero section and in the text, the last 3 months. In the charts, the entire available observation period (since the parsers were launched, usually 2-3 months).
- Data is collected automatically from 1000+ sources: Telegram channels and job sites of the CIS and Europe.
- Only live open vacancies with a clear description are counted. Spam and duplicates are filtered out.
- Salaries are converted to USD/month at the current exchange rate. Anomalous values (<500 or >50K) are filtered out.
- Levels are normalized: Mid → Middle, Intern/Trainee → Junior, Principal/Staff/Expert → Lead.
- The first 2 weeks of data (the parser ramp-up period) are not shown in the charts.
- Data is recalculated every day.
Authorship and citation
Analytics prepared by the Zorky Research Team. Last updated: 29 May 2026 at 19:02.
Data sources and methodology
Data is collected automatically from 1000+ sources: Telegram job channels and job sites of the CIS and Eastern Europe (HH, Habr Career, Djinni, DOU, NoFluffJobs, JustJoin.it, Pracuj.pl and others). Parsing runs around the clock, duplicates are filtered by description and URL, and anomalous salary values are cut off. The detailed methodology is on the «How it works» page.
Zorky CRM (2026). Penetration Tester / Red Team in IT: the CIS and Europe market. Accessed: 29.05.2026. URL: https://zorky.tech/ru/research/security