Security / Penetration Testing Engineer – London

London | Full-Time | 36000 - 60000 £ / year (est.) | No home office possible

At a Glance

  • Tasks: Conduct penetration testing and identify security vulnerabilities in applications.
  • Company: Join Cognizant, a leader in quality engineering and assurance.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Why this job: Make a real impact by enhancing security for diverse clients across industries.
  • Qualifications: Must have CREST certification and hands-on penetration testing experience.
  • Other info: Dynamic team environment with a focus on continuous improvement and innovation.

The predicted salary is between 36000 - 60000 £ per year.

The role will be part of our Quality Engineering & Assurance (QE&A) Practice. With more than 650 clients across industry verticals and a global footprint, the Cognizant QE&A practice is a recognized thought leader in quality engineering and assurance. As enterprises simplify, modernize and secure their legacy environments for the digital era, robust quality engineering and assurance is essential. Quality takes on an end-to-end connotation and must straddle both legacy and digital systems. Cognizant QE&A is reimagining QE&A, employing an end-to-end ecosystem approach with intelligent and automated QA processes. In so doing, it increases quality and speed to promote faster business and technology change, as well as a better customer experience.

Key Responsibilities:

  • Gather security requirements and define penetration testing scope by reviewing design and interface documents.
  • Prepare detailed test plans, scenarios, and rules of engagement aligned with CREST and OWASP standards.
  • Conduct API penetration testing (REST, GraphQL, SOAP) focusing on authentication, authorization, and business logic flaws.
  • Perform UI/Web application penetration testing for vulnerabilities such as XSS, CSRF, SQL Injection, and session management issues.
  • Identify and document security issues with clear reproduction steps, evidence, and remediation recommendations.
  • Raise defects in tracking tools and collaborate with development teams for timely resolution.
  • Provide regular status updates to stakeholders and escalate risks or challenges proactively.
  • Prepare comprehensive test reports including executive summaries, technical details, and risk ratings (CVSS).
  • Support re-testing after fixes and validate remediation effectiveness.
  • Ensure compliance with industry standards (OWASP ASVS, API Top 10, ISO 27001, PCI-DSS).
  • Recommend security best practices and contribute to continuous improvement of testing methodologies.
  • Maintain strong documentation and communication throughout the engagement lifecycle.

Required Skills & Certifications:

  • CREST certification (CRT/CPT/CPSA or equivalent) is a must.
  • Penetration Testing Expertise – Strong hands-on experience in API and UI/Web application penetration testing.
  • Security Standards Knowledge – OWASP Top 10, OWASP API Top 10, ASVS, CVSS scoring, and CREST methodologies.
  • Tools Proficiency – Burp Suite Pro, OWASP ZAP, Postman, SoapUI, Nmap, Metasploit, SQLMap, jwt-tool, Kali Linux toolset.
  • API Security – REST/GraphQL/SOAP testing, OAuth2/OIDC, JWT handling, rate limiting, and authorization flaws (BOLA/BFLA).
  • Web Application Security – XSS, CSRF, SQL Injection, Clickjacking, session management, CSP/CORS issues.
  • Documentation & Reporting – Ability to create detailed test plans, risk logs, and clear vulnerability reports.
  • Compliance Awareness – Familiarity with ISO 27001, PCI-DSS, NIST guidelines.

Security / Penetration Testing Engineer – London employer: Cognizant

Cognizant is an exceptional employer, offering a dynamic work environment in London that fosters innovation and collaboration within the Quality Engineering & Assurance (QE&A) Practice. Employees benefit from comprehensive training and development opportunities, ensuring continuous growth in their careers while working on cutting-edge security projects for a diverse range of clients. With a strong emphasis on work-life balance and a culture that values employee contributions, Cognizant stands out as a rewarding place to build a meaningful career in cybersecurity.

Contact Detail:

Cognizant Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Security / Penetration Testing Engineer – London

Tip Number 1

Network like a pro! Attend industry meetups, webinars, or conferences related to security and penetration testing. It's a great way to meet potential employers and get your name out there.

Tip Number 2

Show off your skills! Create a portfolio showcasing your penetration testing projects or any relevant work. This can really set you apart from the crowd when you're chatting with hiring managers.

Tip Number 3

Don’t just apply – engage! When you find a job on our website, reach out to someone in the company on LinkedIn. A friendly message can go a long way in making you memorable.

Tip Number 4

Prepare for interviews by brushing up on common penetration testing scenarios and tools. Be ready to discuss your experience with OWASP standards and how you've tackled security challenges in the past.

We think you need these skills to ace Security / Penetration Testing Engineer – London

CREST certification (CRT/CPT/CPSA or equivalent)
Penetration Testing Expertise
API penetration testing
UI/Web application penetration testing
Security Standards Knowledge
Tools Proficiency
API Security
Web Application Security
Documentation & Reporting
Compliance Awareness

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Security / Penetration Testing Engineer role. Highlight your relevant experience, especially with API and UI/Web application penetration testing, and don’t forget to mention your CREST certification!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about quality engineering and assurance. Mention specific tools you’ve used like Burp Suite Pro or OWASP ZAP, and how they relate to the job.

Showcase Your Skills: In your application, be sure to showcase your hands-on experience with security standards and methodologies. Talk about your familiarity with OWASP Top 10 and how you’ve applied this knowledge in past roles.

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to keep track of your application status directly!

How to prepare for a job interview at Cognizant

Know Your Stuff

Make sure you brush up on your penetration testing skills, especially around API and UI/Web application testing. Familiarise yourself with the OWASP Top 10 and other security standards mentioned in the job description. Being able to discuss these topics confidently will show that you're serious about the role.

Prepare Your Test Plans

Before the interview, think about how you would approach creating test plans and scenarios. Be ready to explain your thought process and how you align with CREST and OWASP standards. This will demonstrate your practical knowledge and problem-solving skills.

Showcase Your Tools Proficiency

Get comfortable talking about the tools listed in the job description, like Burp Suite Pro and OWASP ZAP. If you've used them in past projects, share specific examples of how they helped you identify vulnerabilities. This will highlight your hands-on experience.

Communicate Clearly

During the interview, focus on clear communication. Practice explaining complex security issues in simple terms, as you'll need to document and report findings effectively in the role. Good communication can set you apart from other candidates.
