
Using LinkedIn to Land Your Dream Cybersecurity Job



Hiring managers and recruiters love job applicants. However, sometimes, there’s too much noise, and it can be cumbersome to sort out qualified candidates. Recruiter searches on LinkedIn can help capture passive candidates and considerably expand the qualified candidate pool for each role.

Recruiters can search for nearly anything on LinkedIn using Boolean search strings, but there are a few search factors that are more likely to be used. Creating a LinkedIn profile that speaks to these search factors will help your profile show up more prominently. Once you show up in the search, we have a few tweaks that will help you build a profile that recruiters want to click on and message.

How to Hack Hiring on LinkedIn – Recruiter Spotlights!

First things first, “hack the system” and show up in the most used LinkedIn Recruiter filters or spotlights, by putting the following elements in place:

FIGURE 1- LinkedIn recruiter spotlights
  • Open to work. Add the green banner to your profile picture or keep your search more private – and go without it. Whatever you choose, turning on this feature will take you to the top of LinkedIn Recruiter search. If you’re currently employed and passively searching, LinkedIn promises that your current employer won’t be able to see if you utilize this feature.
FIGURE 2- Open to work profile banner
  • Are more likely to respond. LinkedIn gives preference to users who are actively engaged with the platform. If you don’t want to go all out on LinkedIn (and sometimes security professionals don’t), it still helps to respond to messages and connection requests, even if it’s just to use the auto-populated “accept” or “decline” features.
  • Have company connections and engaged with talent brand. If you want to be a pen tester, you should do some research and follow companies that regularly hire pen testers, like Bishop Fox (wink wink). Interact with their posts and add company connections in ways that are organic, like sending connection requests to recruiting team members or employees who you have seen at events or presentations.

How to Hack Hiring on LinkedIn – and Get Noticed!

  • Keywords. There are auto-populated searches on LinkedIn Recruiter, but many recruiters choose to create their own boolean strings using keywords that are relevant to the job post. To show up in these searches, examine your LinkedIn profile and compare the keywords you use in your about, experience, and skills sections with the keywords utilized in job postings for which you’re applying. Here’s a boolean string for a pen tester:
    (burp OR burpsuite OR kali linux OR metasploit OR nmap) AND security OR “OSCP” OR ("penetration testing" OR "ethical hacking" OR "reverse engineer*" OR hacking OR penetration OR vulnerability)

While we love keywords, avoid “keyword stuffing,” or jamming keywords into sections without context.

  • Education and certifications. Always list your degree program, even if it doesn’t seem relevant. Certifications can be even more helpful than degrees when it comes to recruiter searches, but only list the certifications that you have already obtained, not those in progress. Some of the most searched certifications are those delivered by Offensive Security (think OSCP, OSCE, etc.), eLearn (eNDP is mentioned by blue teamers again and again), Zero-Point Security (Certified Red Team Operator has really been gaining in popularity), and SANS (GWAPT and GXPEN are favorites for pen testing).
  • Skills. If you don’t have the education or certs, don’t despair. One of the best things about working in security is that there is usually a greater emphasis on skills over formal education. LinkedIn lets you add 50 skills and organize them whatever way you want, so keep those relevant skills at the top! Some of the most searched skills for pen testers are cybersecurity, penetration testing, vulnerability assessment, Burp Suite, Metasploit, Nmap, ethical hacking, Kali Linux, web application security, information security, network security, and OSCP.
  • Organizations and Volunteering. Some prominent security organizations and LinkedIn groups that are regularly searched include Blacks in Cyber, Women in Security and Privacy, and Offensive Security Certified Professionals. There are so many great security conferences out there, and recruiters in the know will search for them too, so use the organizations and volunteering sections to drop keywords like Wild West Hackin’ Fest, CactusCon, Women in Cybersecurity, The Diana Initiative, and DEF CON, to name a few of many.
  • TL;DR: get to the point. Given the length of this blog post, this may be one of those “do as I say, not as I do” things, but the average recruiter spends just 7.8 seconds looking at a resume. It’s safe to say that they’re not spending much more time on their first pass of a LinkedIn profile. Long sentences and big blocks of text look and feel cluttered, so keep your about section to the point and use concise and relevant bullets in your experience section. Consider adding a brief description that calls attention to what you do or to your skill sets, so you quickly catch a recruiter’s attention. Transcend words and keep your profile picture and cover image professional, welcoming, and up to date.

Additional Resources

LinkedIn has all sorts of job search functionality, and it can’t all be covered in this post. If you want to learn more about how you can stand out, keywords for offensive security jobs, as well as tools to help you get started on a pen testing journey, be sure to download our helpful resources:
