Senior Vulnerability Assessment & Penetration Testing (VAPT) Engineer

Lahore, Punjab, Pakistan

Devsinc

Devsinc helps startups, enterprises and public sector clients accelerate their technology life cycle by unlocking access to 2,000+ passionate and experienced engineers.



We are seeking a Senior VAPT Engineer to join our cybersecurity team. The ideal candidate will be responsible for conducting vulnerability assessments, penetration testing, and security evaluations to identify risks in applications, infrastructure, and networks. They will play a key role in improving security measures, mitigating threats, and ensuring compliance with industry standards.


Key Responsibilities:

Security Assessment & Penetration Testing:

- Perform vulnerability assessments and penetration testing (VAPT) on web applications, mobile applications, cloud, and infrastructure.
- Identify, analyze, and report security vulnerabilities, providing detailed remediation recommendations.
- Develop, execute, and automate security testing methodologies and processes.
- Work with development teams to ensure secure coding practices and remediation of security findings.

Security Operations & Compliance:

- Monitor security alerts, perform triage, and work with the relevant teams for resolution.
- Support access control management, perform reviews, and manage privileged accounts.
- Conduct security audits, compliance reviews, and security risk assessments.
- Ensure compliance with information security policies and industry standards.

Security Strategy & Leadership:

- Lead and support a team of security engineers in securing products and infrastructure.
- Build and manage a roadmap for security initiatives and track performance metrics.
- Collaborate with engineering leaders to prioritize security issues and align security objectives with business goals.
- Provide security training and awareness programs to teams to foster a security-first culture.

Technical & Business Collaboration:

- Partner with cross-functional teams to integrate security into SDLC and DevSecOps pipelines.
- Provide expert guidance on emerging threats, attack vectors, and security best practices.
- Work closely with SOC and Incident Response teams to enhance threat detection and response capabilities.
- Support day-to-day IT Security BAU (Business-As-Usual) tasks and incident investigations.


Skills & Expertise:

- Hands-on experience with VAPT tools (e.g., Burp Suite, Metasploit, Nessus, Qualys, Nmap).
- Strong knowledge of web application security, OWASP Top 10, and SAST/DAST methodologies.
- Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).
- Knowledge of security frameworks (NIST, ISO 27001, CIS Benchmarks, etc.).
- Experience in security automation, scripting (Python, Bash, PowerShell), and API security testing.
- Strong understanding of network security, firewalls, IDS/IPS, and endpoint security solutions.

Requirements

Minimum Qualifications:

- Education: Bachelor's or Master's degree in Information Security, Cybersecurity, Computer Science, or Software Engineering.
- Experience: 3-7 years of experience in IT security, application security, or IT security administration/architecture.
- Strong analytical and problem-solving skills.
- Excellent written and oral communication skills.

Preferred Qualifications:

- Certifications: CEH, CEH Master, OSCP, CISM, or related certifications.
- Experience in security risk analysis and mitigation strategies.
- Knowledge of Incident Management Processes.
- Exposure to Security Information and Event Management (SIEM) and Security Operations Center (SOC) operations.


Tags: APIs Application security Audits Automation AWS Azure Bash Burp Suite CEH CISM Cloud Compliance Computer Science DAST DevSecOps Docker Endpoint security Firewalls GCP IDS Incident response IPS ISO 27001 Kubernetes Metasploit Nessus Network security NIST Nmap OSCP OWASP Pentesting PowerShell Python Qualys Risk analysis Risk assessment SAST Scripting SDLC Security assessment Security strategy SIEM SOC Strategy Threat detection Vulnerabilities

Region: Asia/Pacific
Country: Pakistan
