A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers.
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers.
Penetration Tester
Charlotte, NC · On-site
... web application vulnerabilities to various level of personnel within a large organization ... application penetration testing. Minimum of 5 years of demonstrated experience with automated ...
Penetration Tester
Charlotte, NC · On-site
... web application vulnerabilities to various level of personnel within a large organization ... application penetration testing. Minimum of 5 years of demonstrated experience with automated ...
Penetration Tester
Charlotte, NC · On-site
... web application vulnerabilities to various level of personnel within a large organization ... with application penetration testing. • Minimum of 5 years of demonstrated experience with ...
Penetration Tester
Charlotte, NC · On-site
... web application vulnerabilities to various level of personnel within a large organization ... with application penetration testing. • Minimum of 5 years of demonstrated experience with ...
Penetration Tester
Sacramento, CA · On-site
Penetration Tester Sacramento, CA 24+ months Required Skills: Must have performed IT testing and ... Web Expert (OSWE). o CompTIA PenTest+. Regards Naresh Damagalla West Advanced Technologies, Inc E ...
Penetration Tester
Sacramento, CA · On-site
Penetration Tester Sacramento, CA 24+ months Required Skills: Must have performed IT testing and ... Web Expert (OSWE). o CompTIA PenTest+. Regards Naresh Damagalla West Advanced Technologies, Inc E ...
Penetration Tester
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
Los Angeles, CA · On-site
Position : Penetration Tester Locations: Los Angeles( CA), Dallas (TX), Washington DC ... Perform penetration tests against external networks, internal networks, web applications, mobile ...
Penetration Tester
Los Angeles, CA · On-site
Position : Penetration Tester Locations: Los Angeles( CA), Dallas (TX), Washington DC ... Perform penetration tests against external networks, internal networks, web applications, mobile ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
Arlington, VA · On-site
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
$95K - $112K/yr
SkyePoint Decisions is seeking a Penetration Tester to support the Diplomatic Security Cyber ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Quick apply
Penetration Tester
$95K - $112K/yr
SkyePoint Decisions is seeking a Penetration Tester to support the Diplomatic Security Cyber ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
Falls Church, VA · On-site
... web applications, cloud components, and operational data platform services spanning NIPRNet ... penetration testing activities to identify exploitable vulnerabilities, insecure configurations ...
Penetration Tester
Falls Church, VA · On-site
... web applications, cloud components, and operational data platform services spanning NIPRNet ... penetration testing activities to identify exploitable vulnerabilities, insecure configurations ...
Penetration Tester
Hillsboro, OR · On-site
Strong Web Application development, security flaw and remediation technical understanding. * Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified ...
Penetration Tester
Hillsboro, OR · On-site
Strong Web Application development, security flaw and remediation technical understanding. * Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified ...
Penetration Tester
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
$86K - $138K/yr
Responsibilities Peraton is seeking an experienced Cyber Penetration Tester to become part of ... Common web application vulnerabilities and exploits such as XSS, SQLi, LFI, file uploads, broken ...
Penetration Tester
Washington, DC · Hybrid
$130K - $145K/yr
Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API ... Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth ...
Penetration Tester
Washington, DC · Hybrid
$130K - $145K/yr
Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API ... Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth ...
Penetration Tester
Washington, DC · On-site
$130K - $145K/yr
Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API ... Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth ...
Penetration Tester
Washington, DC · On-site
$130K - $145K/yr
Conducting web application security assessments, focusing on OWASP Top Ten vulnerabilities and API ... Engaging in wireless and RF security testing, including penetration testing on Wi-Fi, Bluetooth ...
Penetration Tester
$90K - $130K/yr
CDT is looking for a Penetration Tester to This will be supporting a government customer onsite in ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Quick apply
Penetration Tester
$90K - $130K/yr
CDT is looking for a Penetration Tester to This will be supporting a government customer onsite in ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
CDT is looking for a Penetration Tester to This will be supporting a government customer onsite in ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
Chantilly, VA · On-site
$90K - $130K/yr
CDT is looking for a Penetration Tester to This will be supporting a government customer onsite in ... System methodologies including: client/server, web hosting, web content servers, policy servers ...
Penetration Tester
Reston, VA · On-site
Penetration Tester Location: Reston, VA Work Mode - Hybrid role, 2 days' Work from Office ... Experience conducting web application security assessments * Experience working with a range of ...
Penetration Tester
Reston, VA · On-site
Penetration Tester Location: Reston, VA Work Mode - Hybrid role, 2 days' Work from Office ... Experience conducting web application security assessments * Experience working with a range of ...
Penetration Tester
San Francisco, CA · On-site
Looking for an experienced Penetration Tester with strong skills in VAPT for Web, API, and Thick-Client applications , along with SAST/DAST expertise. The role involves performing manual and ...
Quick apply
Penetration Tester
San Francisco, CA · On-site
Looking for an experienced Penetration Tester with strong skills in VAPT for Web, API, and Thick-Client applications , along with SAST/DAST expertise. The role involves performing manual and ...
Conduct web, mobile, API, and microservices security testing using industrystandard tools and manual exploitation techniques. * Execute AWS cloud penetration testing within approved boundaries (IAM ...
New
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
Quick apply
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
... Web Penetration Testing: • Common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc. --Tools: • Proficiency in any of the following:
... Web Penetration Testing: • Common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc. --Tools: • Proficiency in any of the following:
Web Penetration Tester information
See salary details
$22.5K - $35.8K
0% of jobs
$35.8K - $49K
0% of jobs
$49K - $62.3K
2% of jobs
$62.3K - $75.6K
3% of jobs
$75.6K - $88.9K
1% of jobs
$101.1K is the 25th percentile. Wages below this are outliers.
$88.9K - $102.1K
20% of jobs
$102.1K - $115.4K
14% of jobs
The median wage is $120.4K / yr.
$115.4K - $128.7K
26% of jobs
$138.1K is the 75th percentile. Wages above this are outliers.
$128.7K - $142K
13% of jobs
$142K - $155.2K
13% of jobs
$155.2K - $168.5K
9% of jobs
$22.5K
$119.9K
$168.5K
How much do web penetration tester jobs pay per year?
What is a Web Penetration Tester job?
A Web Penetration Tester is a cybersecurity professional who evaluates the security of web applications by simulating cyberattacks. They identify vulnerabilities, exploit weaknesses, and provide recommendations to improve security. Their goal is to protect web systems from threats like SQL injection, cross-site scripting (XSS), and authentication flaws. This role requires expertise in ethical hacking, scripting, and security tools such as Burp Suite and OWASP ZAP.
What are the key skills and qualifications needed to thrive in the Web Penetration Tester position, and why are they important?
To thrive as a Web Penetration Tester, you need a solid background in cybersecurity principles, web application architecture, and vulnerability assessment, often supported by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and relevant certifications such as OSCP or CEH are highly valued. Strong analytical thinking, effective communication, and meticulous attention to detail set candidates apart in this profession. These skills ensure that testers can identify critical security flaws while clearly conveying technical risks to both technical teams and non-technical stakeholders, effectively strengthening organizational cybersecurity.
What are some of the main challenges faced by Web Penetration Testers in their daily work?
Web Penetration Testers often face the challenge of keeping up with rapidly evolving web technologies and an ever-changing threat landscape. They must carefully balance thorough testing with tight project deadlines, ensuring their work uncovers both common and obscure security vulnerabilities. Collaborating with development and operations teams can require clear communication to explain findings and foster a security-oriented culture. The role can also involve continual learning and adapting to new tools, methodologies, and compliance requirements.
- Overnight International Penetration Tester
- Penetration Testing Engineer
- Senior International Penetration Tester
- Penetration Testers
- Remote Htb Cpts
- Giac Exploit Researcher And Advanced Penetration Tester
- Entry Level Cybersecurity Penetration Tester
- Home Based Penetration Tester Red Team
- Htb Cpts
- Penetration Tester Red Team

Willis Towers Watson rating
8.3
Based on 44 frontline employees who took The Breakroom Quiz
40th of 148 rated financial services
Job description
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
We are looking for a collaborative team player, with a good technical knowledge in web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
The Role
- Vulnerability Assessment: Conducting comprehensive assessments of web applications and Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server.
- Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
- Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
- Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
- Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
- Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
- Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
- Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.
The Requirements
- Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
Skills:
- Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
- Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws
- Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
- Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
- Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
- Very good English skills (C1/C2 level), both spoken and written
Holds relevant industry certification/s or equivalent like the following:
- CEH - Certified Ethical Hacker
- OSCP - Offensive Security Certified Professional
- GPEN - GIAC Penetration Tester
- PNPT - Practical Network Penentration Tester
- Burp Suite Certified Practitioner
- eWAPT/eWAPTx - elearning Web Application Penetration Tester
We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.
What Willis Towers Watson employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom