VAPT Specialist

Inbox Business Technologies is looking for a highly skilled and motivated Cybersecurity Penetration Tester to join our growing security team. The role requires mobility and may involve occasional travel to KSA for work-related assignments. The ideal candidate will have extensive experience in conducting penetration tests, vulnerability assessments, and ethical hacking to identify and mitigate security risks within an organization’s systems and networks. You will play a crucial role in helping to safeguard our client’s digital assets and ensure the security of our clients and stakeholders. 

Responsibilities: 

• Conduct penetration testing on web applications, networks, systems, and mobile applications(android, IOS) to identify vulnerabilities. 

• Conduct security assessment for cloud services 

• Perform vulnerability assessments and provide detailed analysis of findings, including risk levels and remediation suggestions. 

• Simulate attacks on infrastructure, systems and services to identify the real problems. This may include testing the effectiveness of existing controls (WAFs, Access Control, segmentation etc)  

• Develop and execute test cases for penetration testing and provide comprehensive reports that highlight security flaws and offer actionable remediation steps. 

• Stay up to date with the latest security trends, tools, techniques, and threats to continuously improve penetration testing strategies. 

• Collaborate with IT, DevOps, and development teams to prioritize and implement solutions for identified vulnerabilities. 

• Engage in social engineering assessments, including phishing campaigns and physical security testing, when applicable. 

• Provide training and knowledge transfer to internal teams on security best practices and risk mitigation techniques as per need. 

• Assist in incident response investigations and provide insights into potential exploits used in any security breaches as and when required. 

Requirements

• Proven experience as a Penetration Tester, Ethical Hacker, or Security Consultant. 

• Strong understanding of penetration testing methodologies (e.g., OWASP, NIST, PTES). 

• Proficiency in using penetration testing tools such as Burp Suite, Kali Linux, Metasploit, Nessus, and Wireshark. 

• Familiarity with scripting and programming languages such as Python, Bash, PowerShell, or Ruby is mandatory. 

• Hands-on experience with network security testing, including firewall configurations, VPNs, and intrusion detection/prevention systems. 

• Experience with DevSecOps practices and secure software development lifecycle (SDLC). 

• Hands-on experience with red teaming and understanding of advanced persistent threats (APTs). 

• Knowledge of regulatory frameworks such as GDPR, HIPAA, and PCI-DSS. 

• Understanding of operating systems (Windows, Linux, macOS) and their security features. 

• Familiarity with cloud security (AWS, Azure, Google Cloud) and container security (Docker, Kubernetes). 

• Relevant certifications such as OSCP, CEH, or GPEN mandatory 

• Strong communication and report writing skills with the ability to explain technical findings to non-technical stakeholders. 

• Ability to work independently and as part of a collaborative security team.