
Security / Penetration Testing Engineer

Job in London, Greater London, W1B, England, UK
Listing for: Cognizant
Full Time position
Listed on 2026-07-04
Job specializations:
  • Security
    Cybersecurity
Position: Security / Penetration Testing Engineer

Security / Penetration Testing Engineer – London

The role will be part of our Quality Engineering & Assurance (QE&A) Practice. With more than 650 clients across industry verticals and a global footprint, the Cognizant QE&A practice is a recognized thought leader in quality engineering and assurance. As enterprises simplify, modernize and secure their legacy environments for the digital era, robust quality engineering and assurance is essential. Quality takes on an end-to-end connotation and must straddle both legacy and digital systems.

Cognizant QE&A is reimagining QE&A, employing an end-to-end ecosystem approach with intelligent and automated QA processes. In so doing, it increases quality and speed to promote faster business and technology change, as well as a better customer experience.

Key Responsibilities
  • Gather security requirements and define penetration testing scope by reviewing design and interface documents.
  • Prepare detailed test plans, scenarios, and rules of engagement aligned with CREST and OWASP standards.
  • Conduct API penetration testing (REST, GraphQL, SOAP) focusing on authentication, authorization, and business logic flaws.
  • Perform UI/Web application penetration testing for vulnerabilities such as XSS, CSRF, SQL Injection, and session management issues.
  • Identify and document security issues with clear reproduction steps, evidence, and remediation recommendations.
  • Raise defects in tracking tools and collaborate with development teams for timely resolution.
  • Provide regular status updates to stakeholders and elevate risks or challenges proactively.
  • Prepare comprehensive test reports including executive summaries, technical details, and risk ratings (CVSS).
  • Support re‑testing after fixes and validate remediation effectiveness.
  • Ensure compliance with industry standards (OWASP ASVS, API Top 10, ISO 27001, PCI‑DSS).
  • Recommend security best practices and contribute to continuous improvement of testing methodologies.
  • Maintain strong documentation and communication throughout the engagement lifecycle.
Required Skills & Certifications
  • CREST certification (CRT/CPT/CPSA or equivalent) is a must.
  • Penetration Testing Expertise – Strong hands‑on experience in API and UI/Web application penetration testing.
  • Security Standards Knowledge – OWASP Top 10, OWASP API Top 10, ASVS, CVSS scoring, and CREST methodologies.
  • API Security – REST/GraphQL/SOAP testing, OAuth2/OIDC, JWT handling, rate limiting, and authorization flaws (BOLA/BFLA).
  • Web Application Security – XSS, CSRF, SQL Injection, Clickjacking, session management, CSP/CORS issues.
  • Documentation & Reporting – Ability to create detailed test plans, risk logs, and clear vulnerability reports.
  • Compliance Awareness – Familiarity with ISO 27001, PCI‑DSS, NIST guidelines.
Seniority Level
  • Associate
Employment Type
  • Full‑time
Job Function
  • Information Technology
Industries
  • IT Services and IT Consulting