Penetration Testing Engineer

2 - 5 Years

1 Opening

Bengaluru

Role Overview

As a Penetration Testing Engineer at Grant Thornton, you will conduct advanced security assessments across applications, networks, cloud environments, and enterprise systems. You will emulate real-world attack scenarios, identify vulnerabilities, and collaborate with engineering and client teams to remediate risks. This role requires a balance of technical expertise, consulting skills, and strong communication.

Key Responsibilities

• Plan & Execute Penetration Tests: Perform authorized tests on web applications, APIs, cloud platforms (AWS/Azure/GCP), and internal networks following industry standards (PTES, NIST , OSSTMM).
• Reporting & Advisory: Deliver clear, actionable reports with risk ratings, exploit narratives, and remediation guidance tailored for technical and executive audiences.
• Client Engagement: Work directly with clients to scope engagements, explain findings, and advise on secure design and preventive controls.
• Tooling & Automation: Develop scripts and tools (Python, PowerShell, Bash) to streamline testing and reporting processes.
• Continuous Improvement: Contribute to internal methodologies, playbooks, and secure SDLC practices; mentor junior team members.

Required Qualifications

• Experience: 2–5 years in penetration testing or offensive security.

• Technical Skills:

• Web/API testing (OWASP Top 10, ASVS)

• Cloud security (AWS/Azure/GCP misconfigurations, IAM)
• Network/Active Directory assessments

• Familiarity with containers/Kubernetes security

• Tools: Burp Suite Pro, Nmap, Metasploit, Kali Linux, Wireshark, Nessus/OpenVAS.

• Scripting: Python, PowerShell, Bash (Go is a plus).
• Frameworks & Standards: PTES, NIST , MITRE ATT&CK, OWASP.
• Certifications (Preferred): OSCP, OSWE, OSEP, GPEN, GXPN, eCPPT.

Preferred Qualifications

• Consulting experience with client-facing communication.
• Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS).
• Ability to translate technical findings into business risk language.

Soft Skills

• Strong communication and presentation skills.
• Ability to manage multiple engagements and deadlines.
• Ethical mindset and strict adherence to authorized testing boundaries.

'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do – it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators – obsessed with quality and ready for anything – who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India – Bengaluru and Kolkata