Penetration Tester

Penetration Tester Location: WTW, Taguig, National Capital Region, Philippines Description A penetration tester is responsible for assessing the security of web applications and their underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. The role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation. The role works closely with the Penetration Testing team, business units and other cyber teams. The Role Vulnerability Assessment: Conduct comprehensive assessments of web applications and infrastructure to identify security vulnerabilities such as XSS, SQL injection, authentication flaws, insecure configurations and more. Penetration Testing: Perform controlled attacks on web applications, APIs, and infrastructure using techniques, tools, and methodologies to exploit vulnerabilities. Security Analysis: Analyze results to assess severity, impact, and likelihood of exploitation. Reporting and Documentation: Prepare detailed reports that document findings, attack vectors, and remediation recommendations. Remediation Support: Collaborate with developers and system administrators to assist in remediation and validate fixes. Stay Up to Date: Keep abreast of the latest vulnerabilities, attack techniques, tools, and industry best practices. Ethical Approach: Conduct all testing within a legal and ethical framework, ensuring no harm to the organization’s systems and data. Continuous Improvement: Engage in professional development through conferences, training, and certifications to enhance cybersecurity knowledge. Qualifications Minimum Criteria Education: Bachelor’s degree in computer science, information security, or a related field (preferred; equivalent industry experience may compensate). Technical Knowledge: Strong understanding of web technologies, programming languages (HTML, CSS, JavaScript, PHP, Python), web application architecture, networking, operating systems, and databases. Skills Web Application Security: In-depth knowledge of vulnerabilities and mitigation strategies, strong understanding of OWASP Top 10. Infrastructure Security: Knowledge of on‑prem and cloud builds (IaaS, PaaS, SaaS) and operating system vulnerabilities. Penetration Testing Techniques: Proficiency with testing methodologies, tools, frameworks; experience with manual testing, automated scanners, and exploit frameworks. Programming and Scripting: Proficiency in at least one language (Python, Ruby, JavaScript, etc.) and SQL queries for database testing. Analytical and Problem‑Solving Skills: Ability to analyze complex environments, identify vulnerabilities, and recommend countermeasures. Relevant Certifications CEH – Certified Ethical Hacker OSCP – Offensive Security Certified Professional GPEN – GIAC Penetration Tester PNPT – Practical Network Penetration Tester Burp Suite Certified Practitioner eWAPT/eWAPTx – eLearning Web Application Penetration Tester WTW is an Equal Opportunity Employer Seniority Level Entry level Employment Type Full-time Job Function Information Technology #J-18808-Ljbffr