1.    Perform formal penetration tests on web-based applications, networks and computer systems
2.    Conduct physical security assessments of servers, systems and network devices
3.    Design and create new penetration tools and tests
4.    Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
5.    Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
6.    Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
7.    Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies
8.    Research, document and discuss security findings with management and IT teams
9.    Review and define requirements for information security solutions
10.    Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
11.    Provide feedback and verification as an organization fixes security issues