If your company is looking for someone to do penetration testing, your best bet is to get someone with CEH (Certified Ethical Hacker) qualifications, as that person has received training in hacking techniques, that person has been vetted (to an unknown extent) by the EC Council, and a CEH has been tested for knowledge including (most importantly) that he/she needs to be protected with an ironclad which allows your system to be attacked/penetrated. Failure of any of these points will mean that you are putting your company’s IT resources (not to mention its reputation) at risk.
As a CEH, I must say that I was rather shocked that the hacker tools (like BackTrack - that link should scare you!) are widely available and continually upgraded. Therefore, it is incumbent upon you to get references from your CEH and then talk to the CEH’s prior clients.
Do NOT merely get someone’s kid to attack your system as the damage caused could be irreparable. Do it professionally … and expect to pay for it. Just remember, you get what you pay for so give yourself credit for (1) knowing the value of a pen test and (2) asking for advice.
If your company is looking for penetration testing, then look for a person who has an LPT (Licensed Penetration Tester) certification. These guys can help you find the maximum number of bugs in your system.
As others suggested, it would be best to hire a professional for this. However, if you want to do it on your own, I’d suggest you give Nessus a shot. There is a free version available which is sufficient to get a basic idea of your (web) security.