r/SecurityCareerAdvice 2d ago

Would this be a good stepping stone into pentesting

Hello,

I’m currently facing a bit of a dilemma and would appreciate some advice.
I recently completed a 4-year apprenticeship as an IT specialist in Europe focused on platform engineering/development. I worked for a very small company (4 employees total), where my responsibilities were mainly IT support with some system administration mixed in.

At the same time, I completed the eJPT and PNPT, and since January I’ve also been studying Cyber Security & Networking part-time while working full-time.

I’m now looking for a new job and have received an offer for a Junior Cyber Security Engineer position at a large healthcare organization with more than 10‘000 employees.

The role would include:
• Operating and maintaining security platforms in a critical healthcare environment
• Managing firewall policies, network segmentation, and proxy configurations (Fortinet)
• Handling security incidents, changes, and service requests in an ITSM environment
• Responding to security incidents
• Supporting security platform development across a large multi-site infrastructure
• Assisting with technical analysis, documentation, and implementation of security improvements

My long-term goal is to move into offensive security / pentesting, ideally within the next couple of years.

Do you think this role would be a good stepping stone toward pentesting, or would I be better off trying to land a SOC Analyst / Security Analyst position first?

For context, I already have the eJPT and PNPT and plan to continue working on offensive security skills outside of work. I bought the OffSec Learn One plan, but didn't finish the PEN-200 since I was overwhelmed with the learning material. No Proving Grounds labs completed.
I am 21 years old.

I’d love to hear from people who made a similar transition.
Thanks!

2 Upvotes

2

u/AddendumWorking9756 1d ago

Take the job, the incident handling and segmentation reps will round out an offensive-heavy background way better than another exam, and running a few investigation cases on CyberDefenders first gets you thinking like a defender before you walk in.

1

u/Pitiful_Table_1870 23h ago

That role is honestly a better stepping stone than most SOC positions. 

1

u/my_peen_is_clean 2d ago

take the jr security engineer role. working with firewalls, incidents, network segmentation etc will help you more than entry soc ticket grinding. keep hacking on the side to keep pentest skills warm. and yeah, getting in anywhere now is pain, job hunting sucks right now