Burp Suite Pro, Invicti, Apiiro Application Security Posture Management (ASPM), Jira, OWASP Tools (ZAP, etc.), Postman
Description
GSPANN is hiring a Penetration Testing & Offensive Security Engineer to conduct in-depth application security testing and offensive security assessments. The role focuses on identifying, exploiting, and reporting vulnerabilities while supporting remediation and risk reduction.
Location: Gurugram / Hyderabad
Role Type: Full Time
Published On: 23 December 2025
Experience: 6 - 8 Years
Role and Responsibilities
- Lead scoping calls to confirm testing timelines, prerequisites, and overall test readiness.
- Execute penetration tests using Burp Suite Pro, supported Invicti scans, and custom-built scripts.
- Identify, exploit, and document vulnerabilities with clear Proof of Concept (PoC) and post-exploitation analysis.
- Configure and run Dynamic Application Security Testing (DAST) scans while maintaining test plans, scripts, and reports.
- Prepare detailed technical and executive-level reports in client-approved formats and conduct walkthroughs with application teams.
- Create remediation tickets in Jira, validate fixes, perform retesting, and close findings with supporting evidence.
- Upload assessment reports and findings to Apiiro, manage the vulnerability lifecycle, and track remediation against defined Service Level Agreements (SLAs).
Skills and Experience
- 6-8 years of experience in offensive security, Vulnerability Assessment and Penetration Testing (VAPT), or application penetration testing.
- Hands-on expertise with Burp Suite Pro, Invicti, and OWASP testing tools.
- Strong experience in Application Programming Interface (API) testing using tools such as Postman.
- Proven ability to produce high-quality security reports and communicate findings effectively to technical and business stakeholders.
- Working knowledge of OWASP Application Security Verification Standard (ASVS), Mobile Application Security Verification Standard (MASVS), and OWASP Top 10 vulnerabilities.