ZipRecruiter

Log In

2

Entry Level Web App Penetration Testing Jobs (NOW HIRING)

Navstar

Penetration Tester

Aberdeen Proving Ground, MD ยท On-site

$173K/yr

Strong grasp of networking, TCP/IP, virtualization, containerization, and web services * In-depth understanding of OWASP Top 10, DoD, NSA, or industry-standard Vulnerability and Penetration Testing ...

InterSources

Penetration Tester

Austin, TX ยท On-site

Security Testing, Web Application security, Penetration testing (At least one year experience) What We're Looking For * Analytical thinking, and motivated to learn new things. * Experience manually ...

next page

Showing results 1-20

All JobsEntry Level Web App Penetration Testing Jobs

Entry Level Web App Penetration Testing information

See salary details

$11

$59

$86

How much do entry level web app penetration testing jobs pay per hour?

As of Jun 29, 2026, the average hourly pay for entry level web app penetration testing in the United States is $59.01, according to ZipRecruiter salary data. Most workers in this role earn between $51.20 and $66.83 per hour, depending on experience, location, and employer.

What is the difference between Entry Level Web App Penetration Testing vs Web Developer?

AspectEntry Level Web App Penetration TestingWeb Developer
CertificationsCompTIA Security+, CEH (optional)None required, but coding certifications help
Work EnvironmentSecurity teams, testing labs, client sitesDevelopment teams, office or remote
Primary FocusIdentifying security vulnerabilities in web appsBuilding and maintaining websites and applications
Tools & SkillsPenetration testing tools, scripting, security protocolsProgramming languages, frameworks, UI/UX design

Entry Level Web App Penetration Testing focuses on assessing web app security, while Web Developers create and maintain web applications. Both roles require technical skills, but penetration testers emphasize security testing and vulnerability identification, whereas developers focus on coding and user experience.

More about Entry Level Web App Penetration Testing jobs
What cities are hiring for Entry Level Web App Penetration Testing jobs? Cities with the most Entry Level Web App Penetration Testing job openings:
What are the most commonly searched types of Web App Penetration Testing jobs? The most popular types of Web App Penetration Testing jobs are:
What job categories do people searching Entry Level Web App Penetration Testing jobs look for? The top searched job categories for Entry Level Web App Penetration Testing jobs are:
Entry Level Web App Penetration Testing jobs near you
Infographic showing various Entry Level Web App Penetration Testing job openings in the United States as of June 2026, with employment types broken down into 100% Full Time. Highlights an 67% In-person, and 33% Remote job distribution, with an average salary of $122,736 per year, or $59 per hour.

Application Penetration Tester

Leading Utilities Organization

Columbus, OH โ€ข On-site

Other

Posted 6 days ago

Key responsibilities

  • Identify, validate, and exploit security vulnerabilities in browser-based/web applications, APIs, and mobile applications through manual penetration testing and supplemented automated tools.

  • Produce technical reports detailing findings, steps to reproduce, risk assessments, and remediation guidance for identified vulnerabilities.

  • Collaborate with application development and security teams to communicate findings, support defect prioritization, and participate in remediation and follow-up activities.

Job description

Application Penetration Tester

This role focuses on identifying, validating, and exploiting security vulnerabilities through hands-on, manual penetration testing across a broad range of application technologies.

This position will conduct application penetration testing on browser-based/web applications, APIs, and mobile applications (mainframe and thick client experience a plus) using primarily manual techniques supplemented by automated tools, including authentication/authorization testing and business-logic abuse cases.

Perform deep defect analysis by reproducing, validating, and safely demonstrating security impact, including chained attack paths where applicable, while triaging and dispositioning false positives from automated tooling.

Configure and tune automated application security testing tools to improve coverage, accelerate discovery, and complement manual testing efforts.

Produce clear, reproducible technical reports with detailed evidence including steps to reproduce, impacted components/endpoints, risk/impact assessment, and practical remediation guidance.

Collaborate with application development and security teams to ensure shared understanding of defects, support prioritization, and drive timely remediation through defect walkthroughs and follow-up activities.

Support continuous improvement of penetration testing methodologies and processes by leveraging industry standards and best practices.

Collaborate with team members to share knowledge, complete peer reviews of reports, and strengthen overall testing capabilities.

Communicate findings and risks clearly to technical and non-technical stakeholders, supporting readouts, status updates, and remediation Q&A sessions.

Required Qualifications:

  • 2+ years of hands-on application penetration testing experience with a strong emphasis on manual testing, beyond reviewing or validating automated scanner results
  • 2+ years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
  • 2+ years of Cybersecurity experience, or equivalent demonstrated through one or a combination of work experience, training, military experience, or education
  • Experience conducting penetration testing on browser-based/web applications and APIs required; experience with mobile, mainframe, or thick client applications a plus
  • Proficiency with application security testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler a plus
  • Strong knowledge of common application security vulnerabilities and the OWASP Top 10
  • Experience with scripting and automation (e.g., Python, Shell) a plus
  • Knowledge of security best practices and compliance standards such as PCI DSS and GDPR preferred
  • Demonstrated understanding of security risks in AI/ML-enabled applications (e.g., prompt injection, sensitive data exposure, insecure integrations) a plus
  • Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent a plus
  • Excellent written and verbal communication skills with the ability to convey technical findings clearly to diverse audiences
  • Strong problem-solving and analytical skills
  • Proven ability to work effectively in a team-oriented, collaborative environment and partner with cross-functional teams
  • Ability to prioritize tasks and deliver high-quality results in a dynamic, fast-paced environment
  • Highly self-motivated and directed with strong organizational skills and keen attention to detail
  • Strong customer service orientation focused on delivering actionable insights and supporting timely remediation
  • This position offers a hybrid work schedule with consistent Mondayโ€“Friday hours (flexible as long as schedule remains consistent)

Apply