Job Description
As a Penetration Testing & Offensive Security Engineer at GSPANN, your role involves conducting in-depth application security testing and offensive security assessments. You will focus on identifying, exploiting, and reporting vulnerabilities while supporting remediation and risk reduction.

**Role Overview:**

- Lead scoping calls to confirm testing timelines, prerequisites, and overall test readiness.
- Execute penetration tests using Burp Suite Pro, supported Invicti scans, and custom-built scripts.
- Identify, exploit, and document vulnerabilities with clear Proof of Concept (PoC) and post-exploitation analysis.
- Configure and run Dynamic Application Security Testing (DAST) scans while maintaining test plans, scripts, and reports.
- Prepare detailed technical and executive-level reports in client-approved formats and conduct walkthroughs with application teams.
- Create remediation tickets in Jira, validate fixes, perform retesting, and close findings with supporting evidence.
- Upload assessment reports and findings to Apiiro, manage the vulnerability lifecycle, and track remediation against defined Service Level Agreements (SLAs).

**Qualifications Required:**

- 6-8 years of experience in offensive security, Vulnerability Assessment and Penetration Testing (VAPT), or application penetration testing.
- Hands-on expertise with Burp Suite Pro, Invicti, and OWASP testing tools.
- Strong experience in Application Programming Interface (API) testing using tools such as Postman.
- Proven ability to produce high-quality security reports and communicate findings effectively to technical and business stakeholders.
- Working knowledge of OWASP Application Security Verification Standard (ASVS), Mobile Application Security Verification Standard (MASVS), and OWASP Top 10 vulnerabilities.