Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Senior Penetration Tester - Web & Hardware/IoT
$133K - $225K/yr
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Senior Penetration Tester - Web & Hardware/IoT
$133K - $225K/yr
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Penetration Tester
Hillsboro, OR · On-site
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred. Skill Set pen tester
Penetration Tester
Hillsboro, OR · On-site
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred. Skill Set pen tester
Senior Penetration Tester - Web & Hardware/IoT
Chicago, IL · On-site
$133K - $225K/yr
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Senior Penetration Tester - Web & Hardware/IoT
Chicago, IL · On-site
$133K - $225K/yr
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Senior Penetration Tester
Washington, DC · On-site
$145K - $180K/yr
... Web Applications * Assess and test the security of internal networks and underlying application infrastructure. * Conduct penetration testing and vulnerability assessments on Azure cloud ...
Quick apply
Senior Penetration Tester
Washington, DC · On-site
$145K - $180K/yr
... Web Applications * Assess and test the security of internal networks and underlying application infrastructure. * Conduct penetration testing and vulnerability assessments on Azure cloud ...
Penetration Tester
$95K - $112K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Quick apply
Penetration Tester
$95K - $112K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Quick apply
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Washington, DC · Hybrid
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Penetration Tester
Washington, DC · Hybrid
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Penetration Tester
Washington, DC · On-site
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Penetration Tester
Washington, DC · On-site
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Penetration Tester
Reston, VA · On-site
Network penetration testing and experience working with network infrastructure * An understanding ... Experience conducting web application security assessments * Experience working with a range of ...
Penetration Tester
Reston, VA · On-site
Network penetration testing and experience working with network infrastructure * An understanding ... Experience conducting web application security assessments * Experience working with a range of ...
Senior Penetration Tester
$90K - $150K/yr
Summary: The Senior Penetration Tester will independently perform penetration testing of ... testing standards and projects, including OWASP * Knowledge of databases, applications, and Web ...
Senior Penetration Tester
$90K - $150K/yr
Summary: The Senior Penetration Tester will independently perform penetration testing of ... testing standards and projects, including OWASP * Knowledge of databases, applications, and Web ...
Penetration Tester
Herndon, VA · Hybrid
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Quick apply
Penetration Tester
Herndon, VA · Hybrid
$130K - $145K/yr
Dark Wolf is actively seeking an experienced Penetration Tester to join our innovative team. This ... Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) * Proficiency in the testing ...
Application Penetration Testing Specialist (Remote)
Carolina, RI · On-site +1
$114K - $150K/yr
Testing web applications and databases * System development life cycle * Network administration * Cloud penetration testing * Linux and Windows * Kali Linux tools, Burp Suite, and other pentest tools
Application Penetration Testing Specialist (Remote)
Carolina, RI · On-site +1
$114K - $150K/yr
Testing web applications and databases * System development life cycle * Network administration * Cloud penetration testing * Linux and Windows * Kali Linux tools, Burp Suite, and other pentest tools
Understanding of Pen Test methods such as Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Penetration Testing Execution Standard (PTES ...
Quick apply
Understanding of Pen Test methods such as Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Penetration Testing Execution Standard (PTES ...
Application Penetration Testing Specialist (Remote)
Carolina, RI · On-site +1
$114K - $150K/yr
Testing web applications and databases * System development life cycle * Network administration * Cloud penetration testing * Linux and Windows * Kali Linux tools, Burp Suite, and other pentest tools
Application Penetration Testing Specialist (Remote)
Carolina, RI · On-site +1
$114K - $150K/yr
Testing web applications and databases * System development life cycle * Network administration * Cloud penetration testing * Linux and Windows * Kali Linux tools, Burp Suite, and other pentest tools
Internship Web App Penetration Testing information
See salary details
$5.29 - $6.62
0% of jobs
$7.95 is the 25th percentile. Wages below this are outliers.
$6.62 - $7.95
25% of jobs
$7.95 - $9.29
6% of jobs
$9.29 - $10.62
6% of jobs
$10.62 - $11.95
9% of jobs
The median wage is $12.16 / hr.
$11.95 - $13.29
20% of jobs
$14.35 is the 75th percentile. Wages above this are outliers.
$13.29 - $14.62
10% of jobs
$14.62 - $15.95
8% of jobs
$15.95 - $17.29
0% of jobs
$17.29 - $18.62
0% of jobs
$18.62 - $19.95
15% of jobs
$5
$12
$19
How much do internship web app penetration testing jobs pay per hour?
What is an Internship Web App Penetration Tester?
What are the key skills and qualifications needed to thrive as an Internship Web App Penetration Tester, and why are they important?
What types of tasks and projects can I expect to work on during an Internship in Web App Penetration Testing?

Full-time
Medical, Retirement
Posted 16 days ago
JPMorgan Chase & Co. rating
8.0
Based on 491 frontline employees who took The Breakroom Quiz
57th of 149 rated banks
Job description
This position is also open in the following locations: New York, NY / Atlanta, FL / Plano, TX / Columbus, OH / McLean, VA / Wilmington, DE / Jersey City, NJ / Tampa, FL / Brooklyn, NY / Houston, TX / Washington, DC
Drive the security of critical banking applications, platforms, and connected devices through hands-on offensive testing.
As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization, you will play a key role in safeguarding the firm's most vital assets. Your primary responsibility will be to plan, execute, and report on penetration tests targeting high-impact applications, platforms, services, and - on a more limited basis - banking hardware and IoT endpoints (e.g., ATMs, Point of Sale devices, and other connected devices). Leveraging industry-standard methodologies and advanced techniques, you will proactively identify vulnerabilities, collaborate with application owners to understand root causes, and guide effective remediation to strengthen the firm's security posture.
We are seeking candidates with a passion for offensive security, deep technical expertise in penetration testing, and a commitment to continuous learning and excellence.
Job responsibilities
- Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications (primary focus).
- Perform security assessments of banking hardware and connected/IoT technologies (limited but expected), such as ATMs, Point of Sale (POS) devices, and other embedded endpoints.
- Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place (including lab/onsite testing logistics and device access where applicable).
- Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts.
- Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations.
- Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables.
- Collaborate with development, infrastructure, security, and device/product engineering teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security.
- Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups.
- Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements.
Required qualifications, capabilities, and skills
- 5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
- Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile (Android/iOS) applications, including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.).
- Working knowledge of testing approaches for connected devices/IoT and purpose-built banking devices (e.g., ATMs, POS), including common attack surfaces such as exposed services, remote administration paths, authentication/authorization, hardening gaps, and insecure configurations.
- Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards.
- Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation.
- Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
- Experience conducting peer reviews of penetration test reports and mentoring junior testers.
- Continuous learner who keeps up with the latest offensive security trends, tools, and techniques.
Preferred qualifications, capabilities, and skills
- Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks.
- Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
- Experience conducting security-focused source code reviews (e.g., Python, Java, Rust).
- Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
- Experience assessing embedded systems / IoT devices in lab or onsite environments (e.g., device interface review, firmware/configuration analysis, and network/service exposure testing) relevant to ATM/POS ecosystems.
- Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP.
#CTC
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
What JPMorgan Chase & Co. employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About JPMorgan Chase & Co
Sourced by ZipRecruiter
Industry
Finance and insurance and banking and credit intermediation
Company size
10,000+ Employees
Headquarters location
New York, NY, US