Invicti, Apiiro Application Security Posture Management (ASPM), Jira, Zerocopter, CVSS Calculators, Content Management Systems (CMS) for Public Pages
Description
GSPANN is hiring a DAST Platform Operations & Vulnerability Disclosure (VDP) Coordinator to manage dynamic application security testing and vulnerability disclosure operations. The role focuses on configuring security scanning platforms, validating findings, and coordinating responsible vulnerability disclosure.
Location: Gurugram / Hyderabad
Role Type: Full Time
Published On: 23 December 2025
Experience: 4 - 6 Years
Role and Responsibilities
- Configure Invicti by setting up scan templates, authentication profiles, and authorization rules.
- Align security scanning policies with Carlsberg risk tiers and manage Apiiro integrations, access controls, and license administration.
- Onboard applications into the security scanning program and define endpoint scope.
- Configure authenticated scans and validate safe configurations before registering applications in Apiiro.
- Define scanning cadences based on risk tiers and release cycles, and track coverage across applications.
- Validate security findings, eliminate false positives, escalate critical vulnerabilities, create remediation tickets in Jira, track fixes, and perform retesting.
- Produce monthly security reports covering scan coverage, severity distribution, false-positive rates, and Service Level Agreement (SLA) compliance.
- Maintain the Vulnerability Disclosure Program (VDP) policy and public-facing page, including safe harbor language, scope definition, and non-acceptance criteria.
- Manage vulnerability intake through mailboxes or forms, configure Jira workflows, handle evidence securely, and ensure confidentiality.
- Reproduce reported vulnerabilities, score them using Common Vulnerability Scoring System (CVSS), and identify responsible asset owners.
- Coordinate internal and external vulnerability disclosures, advisories, and release notes.
- Manage communications with security researchers and oversee acknowledgment processes.
- Maintain dashboards to track Mean Time to Detect (MTTD), Mean Time to Remediate (MTTR), vulnerability recurrence, and severity trends.
Skills And Experience
- 4-6 years of experience in Dynamic Application Security Testing (DAST) operations and/or Product Security Incident Response Team (PSIRT) or Vulnerability Disclosure Program (VDP) management.
- Hands-on experience with Invicti, Apiiro, Jira, and CVSS scoring.
- Strong coordination and communication skills, and a governance-focused mindset.