1

Web Penetration Tester Jobs (NOW HIRING)

Proficiency in web application security principles (e.g., OWASP). * Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques. * Experience with penetration testing ...

New

Summary: The Senior Penetration Tester will independently perform penetration testing of ... Knowledge of databases, applications, and Web server design and implementation * Possess oral and ...

Senior Penetration Tester

Washington, DC · On-site

$145K - $180K/yr

Senior Penetration Tester Pay Type : SALARIED EXEMPT Location : Hybrid, Washington, DC US ... Maintain advanced knowledge of networking, cryptography, reverse engineering, web applications ...

Penetration Tester Duration: 6+ months Location: Columbia, SC Function: Works under general ... Ensures the integration of the web servers and all other supporting systems by using message based ...

Dark Wolf is looking for a Penetration Tester who will plan and perform continuous cross-domain ... Amazon Web Services, Microsoft Azure, Google Cloud Platform * Moderate competency in at least one ...

Strong grasp of networking, TCP/IP, virtualization, containerization, and web services * In-depth understanding of OWASP Top 10, DoD, NSA, or industry-standard Vulnerability and Penetration Testing ...

Summary: The Senior Penetration Tester will independently perform penetration testing of ... Knowledge of databases, applications, and Web server design and implementation * Possess oral and ...

Ensures the integration of the web servers and all other supporting systems by using message based ... PERFORM PENETRATION TESTING ON SCDOT PUBLIC FACING WEBPAGES AND VULNERABILITY SCANNING ON EXTERNAL ...

Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications.

next page

Showing results 1-20

Web Penetration Tester information

See salary details

$22.5K

$119.9K

$168.5K

How much do web penetration tester jobs pay per year?

As of Jul 16, 2026, the average yearly pay for web penetration tester in the United States is $119,895.00, according to ZipRecruiter salary data. Most workers in this role earn between $96,000.00 and $141,000.00 per year, depending on experience, location, and employer.

What is a Web Penetration Tester job?

A Web Penetration Tester is a cybersecurity professional who evaluates the security of web applications by simulating cyberattacks. They identify vulnerabilities, exploit weaknesses, and provide recommendations to improve security. Their goal is to protect web systems from threats like SQL injection, cross-site scripting (XSS), and authentication flaws. This role requires expertise in ethical hacking, scripting, and security tools such as Burp Suite and OWASP ZAP.

What are the key skills and qualifications needed to thrive in the Web Penetration Tester position, and why are they important?

To thrive as a Web Penetration Tester, you need a solid background in cybersecurity principles, web application architecture, and vulnerability assessment, often supported by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and relevant certifications such as OSCP or CEH are highly valued. Strong analytical thinking, effective communication, and meticulous attention to detail set candidates apart in this profession. These skills ensure that testers can identify critical security flaws while clearly conveying technical risks to both technical teams and non-technical stakeholders, effectively strengthening organizational cybersecurity.

What are some of the main challenges faced by Web Penetration Testers in their daily work?

Web Penetration Testers often face the challenge of keeping up with rapidly evolving web technologies and an ever-changing threat landscape. They must carefully balance thorough testing with tight project deadlines, ensuring their work uncovers both common and obscure security vulnerabilities. Collaborating with development and operations teams can require clear communication to explain findings and foster a security-oriented culture. The role can also involve continual learning and adapting to new tools, methodologies, and compliance requirements.

More about Web Penetration Tester jobs
What are the most commonly searched types of Web Penetration Tester jobs? The most popular types of Web Penetration Tester jobs are:
What states have the most Web Penetration Tester jobs? States with the most job openings for Web Penetration Tester jobs include:
Infographic showing various Web Penetration Tester job openings in the United States as of July 2026, with employment types broken down into 96% Full Time, 2% Part Time, and 2% Contract. Highlights an 83% Physical, 2% Hybrid, and 15% Remote job distribution, with an average salary of $119,895 per year, or $57.6 per hour.
NIH - Penetration Tester

NIH - Penetration Tester

cFocus Software Incorporated

Bethesda, MD • Remote

Full-time

This job post has expired 1 day ago. Applications are no longer accepted.


Job description

cFocus Software seeks a Penetration Tester to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience conducting penetration testing or offensive cybersecurity operations.
  • Experience performing enterprise penetration testing.
  • Experience with network and application security assessments.
  • Experience documenting technical security findings.
  • Ability to obtain and maintain NIH suitability/background investigation.
  • Active OSCP, OSEP, GPEN, GXPN, CEH, PenTest+, or CISSP

Duties:
  • Conduct enterprise penetration testing activities including:
    • Perform internal and external network penetration testing.
    • Conduct web application penetration testing.
    • Execute infrastructure security testing.
    • Perform cloud penetration testing.
    • Conduct operating system security assessments.
    • Perform wireless security testing.
    • Assess Active Directory security.
    • Conduct application security testing.
    • Simulate real-world cyberattacks using industry-standard offensive security methodologies.
    • Perform controlled exploitation activities to identify security weaknesses.
    • Validate effectiveness of implemented security controls.
    • Identify attack paths and privilege escalation opportunities.
    • Document technical findings and supporting evidence.
  • Prepare comprehensive penetration testing plans
  • Provide Red Team Support

Powered by JazzHR

0YDaiIeTpZ