Vantaggi
The biggest pros are the people and the projects. This is true for any service line at Schellman and not just pen testing. That said, the individuals on the pen test team and those that work closely with the pen test team are sharp. The company as a whole is very collaborative. Many of the projects are with cloud service providers, particularly with SaaS providers on the pen test side, which results in a lot of opportunities to seek out and exploit the latest and greatest vulnerabilities. The company is very supportive with training and development, including conference attendance.
Svantaggi
On the pen test side there aren’t really any cons as long as you are ready to constantly face new challenges, willing to put in some extra time and accepting of being humbled on occasion. Projects can vary greatly from week to week and many projects include technologies, implementations or requirements that most people, including the pen test team, do not see very often. Sporadically, you will find out about some nuance on a Thursday or Friday, like next week’s application is developed in a framework like ZKoss or XPages, and need to be ready on Monday to test. There is generally enough time to prep, but sometimes it is a short turnaround.