skitch, in your post you are talking about a Junior Pentest role, but have you considered also looking internships?  An internship, still counts as experience, and could serve as some decent experience for you.  Maybe this anecdote will help clairify: at my current employer, I have seen 3 interns get promoted into full-time positions in the last year.  These persons came into the company as recently graduated interns, proved they know a thing or two, and in return were offered permanent positions (not pentesters, but other tech roles).  Now, lets get one thing straigt, I'm NOT saying intership=job, but I am saying, it could help you get a foot in the door which could result in a job.

Me personally, I have been working as the corporate IT / help desk person at said company for about a year.  I manage the VOIP, user workstations, windows servers, and parts of the corp network.  For the most part, I can do my job in my sleep.  But, I'm working on building my skills and knowledge in my off-time (no one said I can't read an article or two while watching progress bars right) .  A couple of the admins will ask me questions, for example: the other day one of the guys was asking me if they should be using RSA or DSA for SSH signing.  

Point of this, if you read the link from sil, he talks about his back ground and how he got into security.  From the sounds of it, sil didn't start out as the security guru he is.  H1t M0nk3y has recently started to transition into security (from being a developer if memory serves (see H1t, I read your posts)).  So, it won't hurt trying to get a pentesting gig, but it might also be a good idea to look for something else (developer, sys admin, etc).  What is the worst thing that could happen when applying for a job?  But, it isn't a bad idea to have a "plan B".

Nope, when I first landed my "security position" it was still non-existent, I kind of made it exist. I was a heavy systems/network admin engineer. I had worked on AIX, AS/400, Irix, FreeBSD and Linux servers. Security was an afterthought. Hell I remember when SATAN came out because I remember Dan Farmer was at SGI and I think he left either because of it or SGI fired him or something like that. Back then one was a systems admin and security really fell under that umbrella. Heck I remember re-writing Titan for FreeBSD on my own before TrustedBSD was a thought. I've seen alot, seeing even more fun stuff now with my VoIP Abuse Project... For H1tM0nk3y, I would say he'd likely excel at any web based pentesting or even the CSSLP because it's likely in his every day routine right now.

So this brings us all back to you now skitch, you started a post and have yet to respond back to anyone Which either means that you're overwhelmed and your head is spinning, you're confused, or still uncertain... What is it you *truly* want to do... I say this from the following perspective now... Do you want to make a career pentester for the sake of loving what you do? If so, you're the one who makes an experience at the end of day, not a job... Or is it you just want to find a job as a pentester... A "job" becomes boring... Anyone can be taught to push buttons... A career is fulfilling, exciting and never dull