I would say that security is part of the compulsory skillset for a web developer, d. H. Understand what kind of attacks a web application is exposed to so that it can design and implement them to survive.
There is a considerable overlap between this knowledge and the penetration test, so a good web developer should be basic able to perform basic penetration tests.
However, it is a very complex issue, and someone who specializes in penetration testing will be able to accomplish this task much better. It covers not only potential vulnerabilities in the application, but also the operating system and the network infrastructure, areas that a web developer can not expect to have the same depth of knowledge in.
And, of course, as others have pointed out, it is psychologically counterproductive for the person who has developed a system that is prone to finding mistakes.