🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Cookies & analytics consent
We serve candidates globally, so we only activate Google Tag Manager and other analytics after you opt in. This keeps us aligned with GDPR/UK DPA, ePrivacy, LGPD, and similar rules. Essential features still run without analytics cookies.
Read how we use data in our Privacy Policy and Terms of Service.
🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
WTW
Role & seniority: Penetration tester; seniority level not specified.
Stack/tools: Web application and infrastructure penetration testing; uses security tools, methodologies, and collaboration with developers, sysadmins, and other security teams.
Conduct vulnerability assessments of web apps and infrastructure to identify security weaknesses.
Perform controlled penetration tests (web apps, APIs, infrastructure) and simulate real-world attacks.
Analyze test results, report findings with risk and remediation guidance, and assist with remediation validation.
Strong technical knowledge of web application and infrastructure security testing.
Ability to collaborate across teams and communicate findings clearly.
Ethical, legal approach to testing and staying current with threats and best practices.
Certifications or ongoing professional development in cybersecurity.
Experience within a global, multi-disciplinary security community.
Location & work type: Location not specified; work type not specified.
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
We are looking for a collaborative team player, with a good technical knowledge in web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business. The Role
Vulnerability Assessment: Conducting comprehensive assessments of web applications and Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server.
Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.