Penetration Testing & Offensive Security Engineer

Role Overview: As a Penetration Testing & Offensive Security Engineer (Web/Mobile/API) at GSPANN, your role involves performing penetration tests on web, mobile, and API applications, configuring and running DAST where necessary, producing comprehensive reports, and driving remediation, retest, and executive communication. Key Responsibilities: - Conduct scoping calls to confirm timelines and prerequisites, ensuring test readiness. - Execute penetration tests using tools like Burp Suite Pro, Invicti, and custom scripts. - Identify, exploit, and document vulnerabilities with proof of concept (PoC) and conduct post-exploitation analysis. - Configure and run DAST scans, maintain test plans, scripts, and reports. - Prepare detailed technical and executive reports in client format, conduct walkthroughs with application teams. - Create Jira tickets, validate fixes, retest, and close with evidence. - Upload reports to Apiiro, manage findings lifecycle, and adhere to SLAs. Qualification Required: - 6 to 8+ years of experience in offensive security/VAPT. - Proficiency in tools such as Burp Suite Pro, Invicti, OWASP tooling, and API testing with Postman. - Strong reporting and stakeholder communication skills. - Familiarity with OWASP ASVS/MASVS and OWASP Top 10. Additional Details: GSPANN, headquartered in California, U.S.A., is a consulting and IT services company that helps global clients optimize their IT capabilities. With five global delivery centers and over 2000 employees, GSPANN provides a boutique consultancy experience with the capabilities of a large IT services firm. The company emphasizes co-creation with clients and encourages a culture of continuous learning, innovation, and community service. Join GSPANN to co-create innovative technology solutions, accelerate your learning, feel included in a diverse environment, inspire and be inspired by talented colleagues, celebrate successes together, and contribute to positive social change. Let's Co-create at GSPANN! Role Overview: As a Penetration Testing & Offensive Security Engineer (Web/Mobile/API) at GSPANN, your role involves performing penetration tests on web, mobile, and API applications, configuring and running DAST where necessary, producing comprehensive reports, and driving remediation, retest, and executive communication. Key Responsibilities: - Conduct scoping calls to confirm timelines and prerequisites, ensuring test readiness. - Execute penetration tests using tools like Burp Suite Pro, Invicti, and custom scripts. - Identify, exploit, and document vulnerabilities with proof of concept (PoC) and conduct post-exploitation analysis. - Configure and run DAST scans, maintain test plans, scripts, and reports. - Prepare detailed technical and executive reports in client format, conduct walkthroughs with application teams. - Create Jira tickets, validate fixes, retest, and close with evidence. - Upload reports to Apiiro, manage findings lifecycle, and adhere to SLAs. Qualification Required: - 6 to 8+ years of experience in offensive security/VAPT. - Proficiency in tools such as Burp Suite Pro, Invicti, OWASP tooling, and API testing with Postman. - Strong reporting and stakeholder communication skills. - Familiarity with OWASP ASVS/MASVS and OWASP Top 10. Additional Details: GSPANN, headquartered in California, U.S.A., is a consulting and IT services company that helps global clients optimize their IT capabilities. With five global delivery centers and over 2000 employees, GSPANN provides a boutique consultancy experience with the capabilities of a large IT services firm. The company emphasizes co-creation with clients and encourages a culture of continuous learning, innovation, and community service. Join GSPANN to co-create innovative technology solutions, accelerate your learning, feel included in a diverse environment, inspire and be inspired by talented colleagues, celebrate successes together, and contribute to positive social change. Let's Co-create at GSPANN!