Penetration Testing and Offensive Security Engineer

Burp Suite ProInvictiApiiro Application Security Posture Management (ASPM)JiraOWASP Tools (ZAP, etc.)Postman

Description

GSPANN is hiring a Penetration Testing & Offensive Security Engineer to conduct in-depth application security testing and offensive security assessments. The role focuses on identifying, exploiting, and reporting vulnerabilities while supporting remediation and risk reduction.

Roles and Responsibilities

  • Lead scoping calls to confirm testing timelines, prerequisites, and overall test readiness.
  • Execute penetration tests using Burp Suite Pro, supported Invicti scans, and custom-built scripts.
  • Identify, exploit, and document vulnerabilities with clear Proof of Concept (PoC) and post-exploitation analysis.
  • Configure and run Dynamic Application Security Testing (DAST) scans while maintaining test plans, scripts, and reports.
  • Prepare detailed technical and executive-level reports in client-approved formats and conduct walkthroughs with application teams.
  • Create remediation tickets in Jira, validate fixes, perform retesting, and close findings with supporting evidence.
  • Upload assessment reports and findings to Apiiro, manage the vulnerability lifecycle, and track remediation against defined Service Level Agreements (SLAs).

Skills and Experience

  • 6-8 years of experience in offensive security, Vulnerability Assessment and Penetration Testing (VAPT), or application penetration testing.
  • Hands-on expertise with Burp Suite Pro, Invicti, and OWASP testing tools.
  • Strong experience in Application Programming Interface (API) testing using tools such as Postman.
  • Proven ability to produce high-quality security reports and communicate findings effectively to technical and business stakeholders.
  • Working knowledge of OWASP Application Security Verification Standard (ASVS), Mobile Application Security Verification Standard (MASVS), and OWASP Top 10 vulnerabilities

Apply Now

PDF or DOCX up to 5MB