Penetration Tester
Salt Lake City, UT · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Homewood, AL · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Rex, GA · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Elkhart, IN · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Wilmington, DE · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Bethesda, MD · Remote
Conduct web application penetration testing. * Execute infrastructure security testing. * Perform cloud penetration testing. * Conduct operating system security assessments. * Perform wireless ...
Alpharetta, GA · On-site
$35 - $40/hr
Conduct penetration testing on web applications, APIs, mobile applications, and Active Directory. * Identify and report vulnerabilities using industry-standard tools and methodologies. * Collaborate ...
Annapolis, MD · On-site
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
Nashville, TN · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Dona Ana, NM · On-site
Penetration Tester - Intermediate Under general supervision, perform penetration testing of ... Understanding of PCI DSS testing requirements. Knowledge of database, application, and web server ...
Hillsboro, OR · On-site
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred. Skill set: pen tester.
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
$133K - $225K/yr
Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications ...
Annapolis, MD · On-site +1
$125K - $145K/yr
Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies. * Perform application enumeration, endpoint discovery, vulnerability research, and ...
$95K - $112K/yr
... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...
Hourly wage distribution:
$11.54 - $18.36: 4% of jobs
$18.36 - $25.17: 0% of jobs
$25.17 - $31.99: 0% of jobs
$31.99 - $38.81: 6% of jobs
$38.81 - $45.63: 5% of jobs
$45.63 - $52.45: 12% of jobs
$52.45 - $59.27: 23% of jobs
$59.27 - $66.08: 26% of jobs
$66.08 - $72.90: 13% of jobs
$72.90 - $79.72: 3% of jobs
$79.72 - $86.54: 7% of jobs
$50.89 is the 25th percentile. Wages below this are outliers.
The median wage is $59.11 / hr.
$65.74 is the 75th percentile. Wages above this are outliers.
A Web App Penetration Testing job involves assessing the security of web applications by simulating real-world attacks. Security professionals use various techniques to identify vulnerabilities like SQL injection, cross-site scripting (XSS), or authentication flaws. The goal is to help organizations strengthen their web applications by providing recommendations for fixing security weaknesses. Testers use tools like Burp Suite, OWASP ZAP, and manual testing techniques to ensure comprehensive coverage. This job requires knowledge of ethical hacking, web technologies, and cybersecurity best practices.
A typical day in Web App Penetration Testing involves actively assessing web applications for security weaknesses using both automated tools and manual testing techniques, reviewing code when necessary, and documenting findings comprehensively. You may also participate in meetings with developers and stakeholders to discuss vulnerabilities, advise on remediation steps, and help prioritize risk mitigation tasks. Many roles offer a mix of independent analysis and team collaboration, with frequent opportunities to learn about new technologies and threats. This environment encourages continuous learning and offers clear pathways for career growth, such as advancing to a senior tester, security consultant, or application security architect.
To thrive as a Web App Penetration Tester, you need a strong understanding of web application security, common vulnerabilities (such as OWASP Top 10), and solid programming/scripting skills, usually underpinned by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and certifications such as OSCP or CEH are highly valued. Attention to detail, analytical thinking, effective communication, and problem-solving are crucial soft skills for this role. These competencies help ensure that vulnerabilities are thoroughly identified, clearly reported, and resolved in collaboration with development teams, ultimately supporting organizational security.
Rating: 8.1, based on 5 frontline employees who took The Breakroom Quiz (53rd of 207 rated IT services).
Under general supervision, perform penetration testing of applications, systems, and network enclaves to identify security weaknesses and vulnerabilities. Assess enterprise systems using offensive cybersecurity techniques and provide actionable recommendations to reduce risk and improve the organization's overall cybersecurity posture.
Conduct application, network, and wireless penetration testing in accordance with approved methodologies and rules of engagement.
Identify security flaws in computing platforms, applications, and network architectures and develop mitigation strategies to address identified risks.
Apply offensive cybersecurity testing techniques, including manual and automated testing methods.
Coordinate penetration testing activities and schedules with internal stakeholders, system owners, and external partners as required.
Perform network vulnerability assessments and exploitation testing across on-premises and enclave-based environments.
Execute wireless security assessments, including identification of rogue access points and insecure configurations.
Analyze test results and document findings, including severity, impact, and recommended remediation actions.
Prepare and deliver technical assessment reports and briefings to leadership and technical teams.
Support compliance-driven testing efforts, including PCI DSS and other applicable security standards.
Contribute to continuous improvement of enterprise cybersecurity posture through lessons learned and testing feedback.
Secret – IT-II (Tier 3) Non-Critical Sensitive Clearance
Possess a certification in penetration testing, such as:
Minimum of 3 years of demonstrated experience performing vulnerability assessments and penetration testing.
Minimum of 2 years of experience conducting network vulnerability assessments and applying penetration testing methodologies.
Two years of experience with testing tools, including Nessus, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet.
Minimum of 1 year of experience authoring formal penetration testing or security assessment reports.
Minimum of 2 years of experience using, administering, and troubleshooting Linux operating systems.
Minimum of 2 years of experience using, administering, and troubleshooting Windows Server or Linux servers, including IIS or Apache.
Proficiency with penetration testing and assessment tools, including Nessus, Metasploit, CANVAS, Nmap, Burp Suite, and Kismet.
Strong understanding of TCP/IP protocols, networking concepts, and network architectures.
Knowledge of open security testing standards and projects, including OWASP.
Understanding of PCI DSS testing requirements.
Knowledge of database, application, and web server design and implementation.
Experience with wireless LAN security testing methodologies and tools.
Experience scripting in one or more of the following languages: Perl, Python, Ruby, Bash, or Java.
Demonstrated written documentation and oral presentation skills.
Ability to clearly communicate technical findings to both technical and non-technical audiences.
Sourced by ZipRecruiter
201 - 500 Employees
Reston, VA, US
2008