Penetration Tester
Casar, NC · On-site
Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves ...
Casar, NC · On-site
Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves ...
Casar, NC · On-site
Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves ...
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Charlotte, NC · On-site
... penetration ... testing tools • Demonstrated experience with creating and communication of reports regarding web ...
Charlotte, NC · On-site
... penetration ... testing tools • Demonstrated experience with creating and communication of reports regarding web ...
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Paradise Valley, AZ · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Paradise Valley, AZ · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Clackamas, OR · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Clackamas, OR · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Lansing, MI · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Lansing, MI · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
San Antonio, TX · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
San Antonio, TX · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Augusta, ME · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Augusta, ME · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Washington, DC · On-site
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Washington, DC · On-site
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
New
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
New
Merrimack, NH · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Merrimack, NH · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Bethesda, MD · On-site
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
Bethesda, MD · On-site
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
Bethesda, MD · On-site +1
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
Bethesda, MD · On-site +1
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
Leesburg, VA · On-site
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Leesburg, VA · On-site
Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...
Richmond, VA · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Richmond, VA · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Kings Mills, OH · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Kings Mills, OH · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Austin, TX · On-site
Penetration Testing Experience with operating systems, web applications and network infrastructure. Experience with using Penetration Testing Tools. e.g. NMap, Nessus, Metasploit, BurpSuite, Nikto ...
Austin, TX · On-site
Penetration Testing Experience with operating systems, web applications and network infrastructure. Experience with using Penetration Testing Tools. e.g. NMap, Nessus, Metasploit, BurpSuite, Nikto ...
$92.30/hr
Title: Penetration Tester Job ID: 26-03154 Location: Remote Duration: 12 Months on W2 contract ... Web Application, API, and Infrastructure Security Testing * Vulnerability Assessment & Remediation ...
New
$92.30/hr
Title: Penetration Tester Job ID: 26-03154 Location: Remote Duration: 12 Months on W2 contract ... Web Application, API, and Infrastructure Security Testing * Vulnerability Assessment & Remediation ...
New
Pensacola, FL · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Pensacola, FL · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
$11.54 - $18.36
4% of jobs
$18.36 - $25.17
0% of jobs
$25.17 - $31.99
0% of jobs
$31.99 - $38.81
6% of jobs
$38.81 - $45.63
5% of jobs
$50.89 is the 25th percentile. Wages below this are outliers.
$45.63 - $52.45
12% of jobs
The median wage is $59.11 / hr.
$52.45 - $59.27
23% of jobs
$65.74 is the 75th percentile. Wages above this are outliers.
$59.27 - $66.08
26% of jobs
$66.08 - $72.90
13% of jobs
$72.90 - $79.72
3% of jobs
$79.72 - $86.54
7% of jobs
$11
$59
$86
A Web App Penetration Testing job involves assessing the security of web applications by simulating real-world attacks. Security professionals use various techniques to identify vulnerabilities like SQL injection, cross-site scripting (XSS), or authentication flaws. The goal is to help organizations strengthen their web applications by providing recommendations for fixing security weaknesses. Testers use tools like Burp Suite, OWASP ZAP, and manual testing techniques to ensure comprehensive coverage. This job requires knowledge of ethical hacking, web technologies, and cybersecurity best practices.
A typical day in Web App Penetration Testing involves actively assessing web applications for security weaknesses using both automated tools and manual testing techniques, reviewing code when necessary, and documenting findings comprehensively. You may also participate in meetings with developers and stakeholders to discuss vulnerabilities, advise on remediation steps, and help prioritize risk mitigation tasks. Many roles offer a mix of independent analysis and team collaboration, with frequent opportunities to learn about new technologies and threats. This environment encourages continuous learning and offers clear pathways for career growth, such as advancing to a senior tester, security consultant, or application security architect.
To thrive as a Web App Penetration Tester, you need a strong understanding of web application security, common vulnerabilities (such as OWASP Top 10), and solid programming/scripting skills, usually underpinned by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and certifications such as OSCP or CEH are highly valued. Attention to detail, analytical thinking, effective communication, and problem-solving are crucial soft skills for this role. These competencies help ensure that vulnerabilities are thoroughly identified, clearly reported, and resolved in collaboration with development teams, ultimately supporting organizational security.
8.3
Based on 43 frontline employees who took The Breakroom Quiz
39th of 146 rated financial services
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
We are looking for a collaborative team player, with a good technical knowledge in web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
The Role
The Requirements
Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
Skills:
Holds relevant industry certification/s or equivalent like the following:
We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.
Get the full story on Breakroom