If your company is looking for someone to do penetration testing, your best bet is to get someone with CEH (Certified Ethical Hacker) qualifications as that person has received training in hacking techniques, that person has been vetted (to unknown extent) by the EC Council) and a CEH has been tested for knowledge including (most importantly) that he/she needs to be protected with an ironclad which allows your system to be attacked/penetrated. Failure of any of these points will mean that you are putting your company's IT resources (not to mention it's reputation) at risk.
As a CEH, I must say that I was rather shocked that the hacker tools (like BackTrack - that link should scare you!) are widely available and continually upgraded. Therefore, it is incumbent upon you to get references from your CEH and then talk to the CEH's prior clients.
Do NOT merely get someone's kid to attack your system as the damage caused could be irreparable. Do it professionally ... and expect to pay for it. Just remember, you get what you pay for so give yourself credit for (1) knowing the value of a pen test and (2) asking for advice.