Web App Penetration Testing Jobs (NOW HIRING)

Penetration Testing: Performing controlled attacks on web applications, APIs, and infrastructure to simulate real-world hacking attempts and identify potential entry points for attackers. This involves ...

Offensive Security Web Expert (OSWE) * Certified Ethical Hacker (CEH) * EC Council Certified Security Analyst (ECSA) * CEH Practical * ECSA Practical * Licensed Penetration Tester (LPT) Master * GIAC ...

Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...

Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...

Penetration Testing Experience with operating systems, web applications and network infrastructure. Experience with using Penetration Testing Tools. e.g. NMap, Nessus, Metasploit, BurpSuite, Nikto ...

Title: Penetration Tester Job ID: 26-03154 Location: Remote Duration: 12 Months on W2 contract ... Web Application, API, and Infrastructure Security Testing * Vulnerability Assessment & Remediation ...

Web App Penetration Testing information

How much do web app penetration testing jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for web app penetration testing in the United States is $59.01, according to ZipRecruiter salary data. Most workers in this role earn between $51.20 and $66.83 per hour, depending on experience, location, and employer.

What is a Web App Penetration Testing job?

A Web App Penetration Testing job involves assessing the security of web applications by simulating real-world attacks. Security professionals use various techniques to identify vulnerabilities like SQL injection, cross-site scripting (XSS), or authentication flaws. The goal is to help organizations strengthen their web applications by providing recommendations for fixing security weaknesses. Testers use tools like Burp Suite, OWASP ZAP, and manual testing techniques to ensure comprehensive coverage. This job requires knowledge of ethical hacking, web technologies, and cybersecurity best practices.

What does a typical workday look like for someone in Web App Penetration Testing?

A typical day in Web App Penetration Testing involves actively assessing web applications for security weaknesses using both automated tools and manual testing techniques, reviewing code when necessary, and documenting findings comprehensively. You may also participate in meetings with developers and stakeholders to discuss vulnerabilities, advise on remediation steps, and help prioritize risk mitigation tasks. Many roles offer a mix of independent analysis and team collaboration, with frequent opportunities to learn about new technologies and threats. This environment encourages continuous learning and offers clear pathways for career growth, such as advancing to a senior tester, security consultant, or application security architect.

What are the key skills and qualifications needed to thrive in the Web App Penetration Testing position, and why are they important?

To thrive as a Web App Penetration Tester, you need a strong understanding of web application security, common vulnerabilities (such as OWASP Top 10), and solid programming/scripting skills, usually underpinned by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and certifications such as OSCP or CEH are highly valued. Attention to detail, analytical thinking, effective communication, and problem-solving are crucial soft skills for this role. These competencies help ensure that vulnerabilities are thoroughly identified, clearly reported, and resolved in collaboration with development teams, ultimately supporting organizational security.

Penetration Tester

Full-time

Posted 8 days ago


Willis Towers Watson rating

Company rating: 8.3 out of 10

Based on 43 frontline employees who took The Breakroom Quiz

39th of 146 rated financial services


Job description

A penetration tester is responsible for assessing the security of web applications and their underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. The role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role works closely with the rest of the Penetration Testing team, business units and other Cyber teams.
We are looking for a collaborative team player with good technical knowledge of web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.

The Role

  • Vulnerability Assessment: Conducting comprehensive assessments of web applications and infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, and poor host device and service configurations, and using these to penetrate deeper into the application/server.
  • Penetration Testing: Performing controlled attacks on web applications, APIs, and infrastructure to simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
  • Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
  • Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
  • Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
  • Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
  • Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
  • Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.

The Requirements

  • Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
  • Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.

Skills:

  • Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
  • Infrastructure Security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), and an in-depth understanding of operating systems and their common flaws.
  • Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
  • Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
  • Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
  • Very good English skills (C1/C2 level), both spoken and written

Holds relevant industry certifications or equivalent, such as the following:

  • CEH - Certified Ethical Hacker
  • OSCP - Offensive Security Certified Professional
  • GPEN - GIAC Penetration Tester
  • PNPT - Practical Network Penetration Tester
  • Burp Suite Certified Practitioner
  • eWAPT/eWAPTx - elearning Web Application Penetration Tester

We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.

