ZipRecruiter

Log In

1

Web Penetration Testing Jobs (NOW HIRING)

Koniag, Inc.

Penetration Testing Lead

Warrenton, VA · On-site

GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:

kgs

Penetration Testing Lead

Atlantic City, NJ

GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:

kgs

Penetration Testing Lead

Oklahoma City, OK · On-site

GIAC Web Application Penetration Tester (GWAPT) * GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) * GIAC Assessing and Auditing Wireless Networks (GAWN) Blue Teaming Certifications:

Gemini

Penetration Tester

Charlotte, NC

... penetration testing tools Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization.

Tekskills

Security Tester

Sunnyvale, CA · On-site

Good knowledge of Secure code Analysis and Web penetration testing. Good experience in HP Fortify and WebInspect tool. Top 3 responsibilities you would expect the Subcon to shoulder and execute:

Peraton

Penetration Tester

Arlington, VA · On-site

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

Peraton

Penetration Tester

Arlington, VA · On-site

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

Peraton

Penetration Tester

Arlington, VA · On-site

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

Peraton

Penetration Tester

Arlington, VA

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

Peraton

Penetration Tester

Arlington, VA

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

SkyePoint Decisions

Penetration Tester

Arlington, VA

$95K - $112K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

Peraton

Penetration Tester

Arlington, VA · On-site

$86K - $138K/yr

... Web Security Testing Guide (WTG), etc. * Demonstrated ability to lead a penetration test and guide Senior/Junior Penetration Testers. * U.S. citizenship required. * An active Secret security ...

next page

Showing results 1-20

People also search for

All JobsWeb Penetration Testing Jobs

Web Penetration Testing information

See salary details

$11

$59

$86

How much do web penetration testing jobs pay per hour?

As of May 29, 2026, the average hourly pay for web penetration testing in the United States is $59.01, according to ZipRecruiter salary data. Most workers in this role earn between $51.20 and $66.83 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Web Penetration Tester, and why are they important?

To excel as a Web Penetration Tester, you need a solid understanding of web application security, networking protocols, and common vulnerabilities, often supported by a degree in computer science or a related field. Familiarity with tools like Burp Suite, OWASP ZAP, Metasploit, and relevant certifications such as OSCP or CEH is typically required. Strong analytical thinking, attention to detail, and effective communication skills help testers identify risks and clearly report findings to technical and non-technical stakeholders. These competencies are crucial for uncovering security flaws, ensuring robust defenses, and helping organizations mitigate potential cyber threats.

What are some common challenges faced by web penetration testers during assessments, and how can they be addressed?

Web penetration testers often encounter challenges such as limited access to required testing environments, incomplete or outdated documentation, and rapidly evolving web technologies that demand continuous learning. Additionally, testers must balance thoroughness with time constraints and ensure clear communication with development and security teams. Addressing these challenges involves proactive coordination with stakeholders, staying updated with industry tools and vulnerabilities, and maintaining detailed, well-structured reporting to facilitate remediation and collaboration.

What is web penetration testing?

Web penetration testing is a security assessment process where ethical hackers simulate cyberattacks on a website or web application to identify vulnerabilities and weaknesses. The goal is to find and fix security flaws before malicious hackers can exploit them. This process involves testing for issues such as SQL injection, cross-site scripting (XSS), authentication problems, and insecure configurations. The results help organizations strengthen their web security and protect sensitive data from breaches.

What is the difference between Web Penetration Testing vs Web Security Analyst?

AspectWeb Penetration TestingWeb Security Analyst
CertificationsOSCP, CEH, GPENCISSP, CISA, GIAC
Work EnvironmentHands-on testing, simulated attacksMonitoring, policy development, incident response
Employer & Industry UsageCybersecurity firms, tech companies, consultingCorporate IT, financial institutions, government agencies

Web Penetration Testing focuses on actively identifying vulnerabilities through simulated attacks, while Web Security Analysts monitor and improve security measures, analyze threats, and respond to incidents. Both roles require cybersecurity certifications but differ in their approach and daily tasks.

More about Web Penetration Testing jobs
What cities are hiring for Web Penetration Testing jobs? Cities with the most Web Penetration Testing job openings:
What states have the most Web Penetration Testing jobs? States with the most job openings for Web Penetration Testing jobs include:
What job categories do people searching Web Penetration Testing jobs look for? The top searched job categories for Web Penetration Testing jobs are:
Web Penetration Testing jobs near you
Penetration Testing Lead

Penetration Testing Lead

Koniag, Inc.

Warrenton, VA • On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 7 days ago

Job description

Koniag IT Systems, LLC, a Koniag Government Services company, is seeking a Penetration Testing Lead to support KITS and our government customer in Washington, DC. This position is for a Future New Business Opportunity.
The customer may need support as needed at other locations: Warrenton, VA, Atlantic City, NJ, Melbourne, FL, Oklahoma, OK and Leesburg, VA.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
We are seeking an experienced Penetration Testing Lead to conduct advanced penetration testing activities, simulate cyberattacks, and evaluate the security posture of systems, networks, and applications. The Penetration Testing Lead will analyze vulnerabilities, identify gaps in IT security policies and configurations, and deliver actionable recommendations to reduce organizational cyber risk. This role requires a highly technical leader with demonstrated experience in offensive and defensive cybersecurity operations and penetration testing methodologies.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
  • Perform penetration testing and vulnerability assessments of systems, networks, and applications.
  • Provide detailed analysis of discovered vulnerabilities, gaps, and risks, including assessment of patching and mitigation strategies.
  • Act as an ethical attacker (red team) to simulate cyber intrusions, or as defensive cybersecurity personnel (blue team) to strengthen system resilience.
  • Develop penetration testing Rules of Engagement (ROE), test plans, and reports.
  • Execute tests in alignment with specifications, requirements, and cybersecurity guidance.
  • Provide technical expertise on penetration testing tools, cyber ranges, and simulation environments.
  • Recommend remediation actions to lower overall risk exposure.
  • Lead, supervise, and coordinate penetration testing teams and activities.

Required Qualifications:
  • Bachelor's degree in Cyber Security, Computer Science, Information Technology, Engineering, Mathematics, or Physics from an accredited institution.
  • Eight (8) years of experience performing penetration testing or related responsibilities described in this position.
  • At least two (2) years of relevant experience must be recent (performed within the last three years).
  • Five (5) years of management and supervisory experience within the required experience timeframe
  • Two (2) of those five (5) years must have been in a lead role.
  • At least one (1) of the following Red Teaming or Blue Teaming certifications:

Red Teaming Certifications:
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Wireless Professional (OSWP)
  • Offensive Security Web Expert (OSWE)
  • Certified Ethical Hacker (CEH)
  • EC Council Certified Security Analyst (ECSA)
  • CEH Practical
  • ECSA Practical
  • Licensed Penetration Tester (LPT) Master
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • GIAC Assessing and Auditing Wireless Networks (GAWN)

Blue Teaming Certifications:
  • Certified Network Defender (CND)
  • Certified Network Defense Architect (CNDA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Defending Advanced Threats (GDAT)
  • GIAC Defensible Security Architecture (GDSA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Forensic Analyst (GCFA)

Preferred Qualifications:
  • Experience supporting federal agencies or regulated cybersecurity environments.
  • Knowledge of NIST security controls, RMF, cyber ranges, and penetration testing methodologies.
  • Strong communication, reporting, and documentation skills.

Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
Koniag logo

About Koniag

Sourced by ZipRecruiter

Industry

Investment management and consulting services

Company size

501 - 1,000 Employees

Headquarters location

Kodiak, AK, US

Year founded

1972

Social media

Facebook

View All Koniag Jobs

Apply