An Offensive Security Tester is a cybersecurity expert responsible for simulating real-world cyberattacks to uncover vulnerabilities before adversaries do. With a focus on mobile applications, web platforms, and APIs, they assess and exploit weaknesses across the full technology stack to help organizations strengthen their defenses.

Key Responsibilities:

1. Perform end-to-end security testing of web applications, including authentication, authorization, session management, and input validation flaws.
2. Conduct mobile application penetration tests (iOS and Android), analyzing code, reverse engineering apps, and bypassing client-side protections.
3. Assess APIs (REST, GraphQL, SOAP, etc.) for insecure endpoints, improper authentication, and data leakage.
4. Simulate real-world attack scenarios including privilege escalation, lateral movement, and data exfiltration.
5. Develop and execute custom exploits and proof-of-concept attacks.
6. Deliver comprehensive reports detailing risk levels, technical findings, and remediation recommendations.
7. Stay current with emerging vulnerabilities, tools, and offensive techniques.

Skills & Tools:

1. Expertise in tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Objection, Postman, and custom scripts.
2. Deep knowledge of OWASP Top 10 (Web and Mobile), MITRE ATT&CK, CVEs, and threat modeling.
3. Proficiency in scripting languages like Python, Bash, JavaScript, or PowerShell.