Penetration Testing Lead
Washington, DC · On-site
GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:
Penetration Testing Lead
Washington, DC · On-site
GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:
Must have experience with penetration testing tools. * Must have experience in web development and ... Must have experience performing web app and physical pentests. * Must have experience with or ...
Must have experience with penetration testing tools. * Must have experience in web development and ... Must have experience performing web app and physical pentests. * Must have experience with or ...
Penetration Testing Lead
Warrenton, VA · On-site
GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:
Penetration Testing Lead
Warrenton, VA · On-site
GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:
Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities. In-depth knowledge of OWASP Top ...
Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities. In-depth knowledge of OWASP Top ...
Qualifications Required Skills: 1) Application security testing. 2) Penetration testing (against applications). 3) Experience with application testing tools (examples are Qualys Web App Security ...
Qualifications Required Skills: 1) Application security testing. 2) Penetration testing (against applications). 3) Experience with application testing tools (examples are Qualys Web App Security ...
Penetration Testing
Santa Clara, CA · On-site
Santa Clara, CA Role Summary The Application Security & Penetration Testing Specialist will be responsible for conducting security assessments across web, mobile, thick client, and instrumented ...
Penetration Testing
Santa Clara, CA · On-site
Santa Clara, CA Role Summary The Application Security & Penetration Testing Specialist will be responsible for conducting security assessments across web, mobile, thick client, and instrumented ...
Have proficiency with penetration testing tools, suites, and platforms such as Metasploit, and Burp ... Knowledge in secure web app design, cryptography and key material handling, authentication ...
Have proficiency with penetration testing tools, suites, and platforms such as Metasploit, and Burp ... Knowledge in secure web app design, cryptography and key material handling, authentication ...
... penetration testing tools Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization.
... penetration testing tools Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization.
Penetration Tester
Charlotte, NC · On-site
... penetration ... testing tools • Demonstrated experience with creating and communication of reports regarding web ...
Penetration Tester
Charlotte, NC · On-site
... penetration ... testing tools • Demonstrated experience with creating and communication of reports regarding web ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Penetration Tester
Hillsboro, OR · On-site
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred. Skill Set pen tester
Penetration Tester
Hillsboro, OR · On-site
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred. Skill Set pen tester
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Conduct penetration testing that uses both active and passive capabilities to expose and exploit IA ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Software/Web Application/Web Services penetration testing network Penetration Testing Mobile Application Penetration Testing Thick Client Penetration Testing Knows scripting language Review test ...
Software/Web Application/Web Services penetration testing network Penetration Testing Mobile Application Penetration Testing Thick Client Penetration Testing Knows scripting language Review test ...
Penetration Tester
$95K - $112K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Quick apply
Penetration Tester
$95K - $112K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Web APP Penetration Testing information
See salary details
$11.54 - $18.36
4% of jobs
$18.36 - $25.17
0% of jobs
$25.17 - $31.99
0% of jobs
$31.99 - $38.81
6% of jobs
$38.81 - $45.63
5% of jobs
$50.89 is the 25th percentile. Wages below this are outliers.
$45.63 - $52.45
12% of jobs
The median wage is $59.11 / hr.
$52.45 - $59.27
23% of jobs
$65.74 is the 75th percentile. Wages above this are outliers.
$59.27 - $66.08
26% of jobs
$66.08 - $72.90
13% of jobs
$72.90 - $79.72
3% of jobs
$79.72 - $86.54
7% of jobs
$11
$59
$86
How much do web app penetration testing jobs pay per hour?
As of Jun 8, 2026, the average hourly pay for web app penetration testing in the United States is $59.01, according to ZipRecruiter salary data. Most workers in this role earn between $51.20 and $66.83 per hour, depending on experience, location, and employer.
What is a Web App Penetration Testing job?
A Web App Penetration Testing job involves assessing the security of web applications by simulating real-world attacks. Security professionals use various techniques to identify vulnerabilities like SQL injection, cross-site scripting (XSS), or authentication flaws. The goal is to help organizations strengthen their web applications by providing recommendations for fixing security weaknesses. Testers use tools like Burp Suite, OWASP ZAP, and manual testing techniques to ensure comprehensive coverage. This job requires knowledge of ethical hacking, web technologies, and cybersecurity best practices.
What does a typical workday look like for someone in Web App Penetration Testing?
A typical day in Web App Penetration Testing involves actively assessing web applications for security weaknesses using both automated tools and manual testing techniques, reviewing code when necessary, and documenting findings comprehensively. You may also participate in meetings with developers and stakeholders to discuss vulnerabilities, advise on remediation steps, and help prioritize risk mitigation tasks. Many roles offer a mix of independent analysis and team collaboration, with frequent opportunities to learn about new technologies and threats. This environment encourages continuous learning and offers clear pathways for career growth, such as advancing to a senior tester, security consultant, or application security architect.
What are the key skills and qualifications needed to thrive in the Web App Penetration Testing position, and why are they important?
To thrive as a Web App Penetration Tester, you need a strong understanding of web application security, common vulnerabilities (such as OWASP Top 10), and solid programming/scripting skills, usually underpinned by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and certifications such as OSCP or CEH are highly valued. Attention to detail, analytical thinking, effective communication, and problem-solving are crucial soft skills for this role. These competencies help ensure that vulnerabilities are thoroughly identified, clearly reported, and resolved in collaboration with development teams, ultimately supporting organizational security.
More about Web APP Penetration Testing jobs
What are the most commonly searched types of Web App Penetration Testing jobs? The most popular types of Web App Penetration Testing jobs are:
What states have the most Web App Penetration Testing jobs? States with the most job openings for Web App Penetration Testing jobs include:
What job categories do people searching Web App Penetration Testing jobs look for? The top searched job categories for Web App Penetration Testing jobs are:
- Part Time Oscp
- Contract International Ethical Hacker
- Penetration Tester Ethical Hacker
- Internship Penetration Tester Ethical Hacker
- Part Time Penetration Tester Ethical Hacker
- Overnight Cybersecurity Penetration Tester
- Freelance Cyber Security Ethical Hacking
- Hourly Oscp
- Remote Cyber Security Ethical Hacking
- Cyber Security Penetration
Full-time
Medical, Dental, Vision, Retirement, PTO
Posted 19 days ago
Job description
Koniag IT Systems, LLC, a Koniag Government Services company, is seeking a Penetration Testing Lead to support KITS and our government customer in Washington, DC. This position is for a Future New Business Opportunity.
The customer may need support as needed at other locations: Warrenton, VA, Atlantic City, NJ, Melbourne, FL, Oklahoma, OK and Leesburg, VA.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
We are seeking an experienced Penetration Testing Lead to conduct advanced penetration testing activities, simulate cyberattacks, and evaluate the security posture of systems, networks, and applications. The Penetration Testing Lead will analyze vulnerabilities, identify gaps in IT security policies and configurations, and deliver actionable recommendations to reduce organizational cyber risk. This role requires a highly technical leader with demonstrated experience in offensive and defensive cybersecurity operations and penetration testing methodologies.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
Required Qualifications:
Red Teaming Certifications:
Blue Teaming Certifications:
Preferred Qualifications:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
The customer may need support as needed at other locations: Warrenton, VA, Atlantic City, NJ, Melbourne, FL, Oklahoma, OK and Leesburg, VA.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
We are seeking an experienced Penetration Testing Lead to conduct advanced penetration testing activities, simulate cyberattacks, and evaluate the security posture of systems, networks, and applications. The Penetration Testing Lead will analyze vulnerabilities, identify gaps in IT security policies and configurations, and deliver actionable recommendations to reduce organizational cyber risk. This role requires a highly technical leader with demonstrated experience in offensive and defensive cybersecurity operations and penetration testing methodologies.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
- Perform penetration testing and vulnerability assessments of systems, networks, and applications.
- Provide detailed analysis of discovered vulnerabilities, gaps, and risks, including assessment of patching and mitigation strategies.
- Act as an ethical attacker (red team) to simulate cyber intrusions, or as defensive cybersecurity personnel (blue team) to strengthen system resilience.
- Develop penetration testing Rules of Engagement (ROE), test plans, and reports.
- Execute tests in alignment with specifications, requirements, and cybersecurity guidance.
- Provide technical expertise on penetration testing tools, cyber ranges, and simulation environments.
- Recommend remediation actions to lower overall risk exposure.
- Lead, supervise, and coordinate penetration testing teams and activities.
Required Qualifications:
- Bachelor's degree in Cyber Security, Computer Science, Information Technology, Engineering, Mathematics, or Physics from an accredited institution.
- Eight (8) years of experience performing penetration testing or related responsibilities described in this position.
- At least two (2) years of relevant experience must be recent (performed within the last three years).
- Five (5) years of management and supervisory experience within the required experience timeframe
- Two (2) of those five (5) years must have been in a lead role.
- At least one (1) of the following Red Teaming or Blue Teaming certifications:
Red Teaming Certifications:
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Web Expert (OSWE)
- Certified Ethical Hacker (CEH)
- EC Council Certified Security Analyst (ECSA)
- CEH Practical
- ECSA Practical
- Licensed Penetration Tester (LPT) Master
- GIAC Certified Incident Handler (GCIH)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- GIAC Assessing and Auditing Wireless Networks (GAWN)
Blue Teaming Certifications:
- Certified Network Defender (CND)
- Certified Network Defense Architect (CNDA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Defending Advanced Threats (GDAT)
- GIAC Defensible Security Architecture (GDSA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Certified Forensic Analyst (GCFA)
Preferred Qualifications:
- Experience supporting federal agencies or regulated cybersecurity environments.
- Knowledge of NIST security controls, RMF, cyber ranges, and penetration testing methodologies.
- Strong communication, reporting, and documentation skills.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
About Koniag
Sourced by ZipRecruiter
Industry
Investment management and consulting services
Company size
501 - 1,000 Employees
Headquarters location
Kodiak, AK, US
Year founded
1972