Share this Job

Web Application Penetration Tester

Date: Nov 20, 2022

Location: Remote - Canada, CA Calgary, AB, CA, T2R-0E4 Ottawa, ON, CA, K2E-7W5 Toronto, ON, CA, M2P-2B7 Moncton, New Brunswick, CA, E1E-4R5 Vancouver, British Columbia, CA, V6J-4Y3 Regina, SK, CA, S4S-6X3 Edmonton, AB, CA, T6E-6A8 Saskatoon, SK, CA, S7H-0W5 Kitchener, ON, CA, N2G-1H6 Winnipeg, MB, CA, R3C-3P1

Company: Wawanesa Insurance


We’re proud to give our employees the flexibility to choose how and where they want to work. In this role, you can decide whether your preference is to work from home (remote), work from the office or a hybrid of time spent at both. You may work from any of the following locations: British Columbia, Alberta, Saskatchewan, Manitoba, Ontario, New Brunswick, Nova Scotia, Prince Edward Island, Newfoundland & Labrador and/or the Yukon.

The Wawanesa Mutual Insurance Company, founded in 1896, is Canada’s largest mutual insurer, with $3.9 billion in annual revenue and assets of $10.5 billion. Wawanesa Mutual, with executive offices in Winnipeg, is the parent company of Wawanesa General, which offers property and casualty insurance in California and Oregon; Wawanesa Life, which provides life insurance products and services throughout Canada; and Western Financial Group, which distributes personal and business insurance across Western Canada. With more than 5,700 employees, Wawanesa proudly serves more than two million policyholders in Canada and the United States. Wawanesa is thrilled to be named one of Canada’s Best Employers by Forbes for 2022. This certification recognizes us as a leading employer and reinforces that we’re a company that values our people for who they are and the work they do to support our customers, communities, and brokers. Wawanesa is also a Manitoba Top Employer for 2022 recognizing that we are an exceptional place to work. Wawanesa actively gives back to organizations that strengthen communities where it operates, donating well above internationally recognized benchmarks for excellence in corporate philanthropy.

We are currently looking for dedicated, driven, and enthusiastic individuals who thrive in an environment that welcomes change and are looking for an opportunity for diverse experience and advancement on a growing team.


Job Overview

The Web Application Penetration Tester role will contribute to Wawanesa’s success by helping to deliver security testing services to our enterprise client groups.  This role will ensure that Wawanesa’s internally-developed web applications and APIs are free of design flaws or vulnerabilities prior to their release.


The successful candidate will be responsible for carrying out manual and automated evaluations of new code releases, as well as major changes to existing web applications. This includes meeting with stakeholders to plan engagements and providing detailed formal reports upon conclusion of testing. The selected candidate will be expected to work independently but also integrate with a broader security team in order to continuously improve Wawanesa’s security overall posture. 


The desired candidate will be conversant in, and adhere to, the highest ethical standards. They will be knowledgeable of industry standards and best practices with respect to web application pen testing, and information security in general.


Job Responsibilities:

  • Perform evaluations of client systems, web applications, APIs and their supporting networks to discover vulnerabilities
  • Configure, run, and monitor automated security testing tools
  • Thoroughly document exploit chain/proof of concept scenarios for internal client consumption
  • Assist clients with the design, implementation, and/or monitor security measures for the protection of web applications
  • Identify, define, and/or implement system security requirements for external and internal facing web applications
  • Assist with vulnerability risk assessments
  • Assist with policy/rule review of enterprise Web Application Firewalls
  • Perform role in cyber incident response as required
  • Generate reports based on test findings.
  • Perform other duties as assigned.


  • Bachelor’s degree in computer science, an analytical discipline or equivalent experience
  • 1 or more years of web application security testing experience 
  • Knowledge of Web application vulnerabilities and security considerations
  • Working knowledge of industry standard technical security controls
  • Familiarity with vulnerability assessment and penetration best practices
  • Experience with the following:
    • vulnerability and penetration testing techniques and tools
    • Burp Suite
    • testing web and mobile platforms
    • working with markup, scripting, and programming languages such as HTML, XML, JavaScript, PHP, Perl, Python, Bash, ASP, C++, C#, Java, and .NET
  • Possess or working towards one of the following certifications:
    • GIAC Penetration Tester (GPEN)
    • GIAC Web Application Penetration Tester (GWAPT)
    • GIAC Certified Incident Handler (GCIH)
    • Offensive Security Certified Expert (OSCE)
    • Offensive Security Certified Professional (OSCP)
  • Must have an ability to communicate effectively, both verbally and in writing, to interact effectively with internal teams (such as developers, project team members, and management) to build relationships and use facilitation skills with both technical and non-technical personnel.
  • Ability to work independently and within a team
  • Knowledge of and experience in the insurance industry is considered an asset


Wawanesa provides its employees with a respectful, challenging and rewarding environment where they can maximize their potential while contributing to the company’s goals. Our full-time permanent employees are provided with highly competitive compensation packages (salaries, generous vacation allowance, leave top up, annual bonus plan, premium free benefits and a pension plan). Wawanesa provides a stable environment for its employees in today’s challenging markets. 

Wawanesa is an equal opportunity employer and is committed to fostering a diverse workforce that is equitable and inclusive for all. Wawanesa provides equal employment opportunity to all employees and applicants without regard to an individual’s protected status: race/ethnicity, colour, religion, creed, sex or gender, sexual orientation, gender identity or expression, family or marital status, pregnancy/childbirth or related conditions, national origin, disability, military or veteran status, or any other protected status. Accommodations are available upon request throughout all aspects of the selection process. Candidates requiring accommodations may contact, in confidence,


If you are interested in this exciting, challenging position with Wawanesa, apply today with your Resume.

All Wawanesa job applicants are subject to Wawanesa's Privacy Policy.