VAPT & Web App Testing Analyst

Company Description

Quantanite is a specialist business process outsourcing (BPO) and customer experience (CX) solutions company that helps fast-growing companies and leading global brands to transform and grow. We do this through a collaborative and consultative approach, rethinking business processes and ensuring our clients employ the optimal mix of automation and human intelligence. We are an ambitious team of professionals spread across four continents and looking to disrupt our industry by delivering seamless customer experiences for our clients, backed-up with exceptional results. We have big dreams, and are constantly looking for new colleagues to join us who share our values, passion and appreciation for diversity.

The company is headquartered in London, with delivery centers in Dhaka (Bangladesh), Johannesburg (South Africa) and Thane (India). The current positions are for our Thane, India delivery center.

Job Description

• Conduct comprehensive Vulnerability Assessments and Penetration Testing (VAPT) for web applications, networks, and APIs.

• Identify security vulnerabilities using tools like Qualys, Rapid7, XM Cyber, and other industry-standard platforms.

• Perform manual and automated security assessments to simulate real-world attacks.

• Work on the VAPT reports shared by external parties. Work with stakeholders with remediation plan.

• Collaborate with development and operations teams to remediate identified vulnerabilities.

• Prepare detailed reports with findings, risk evaluations, and actionable recommendations.

• Monitor and analyze security incidents and respond to threats in a timely manner.

• Stay updated with emerging threats, vulnerabilities, and industry best practices.

• Contribute to security awareness and training programs within the organization.

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field. • 3-5 years of experience in VAPT and web application security testing. • Hands-on experience with tools such as Qualys, Rapid7, XM Cyber, Burp Suite, OWASP ZAP, and other security testing frameworks. • Strong understanding of OWASP Top 10 vulnerabilities and common attack vectors. • Knowledge of network security concepts, firewall management, and intrusion detection systems. • Familiarity with scripting languages (e.g., Python, Bash) and automation for security testing. • Industry certifications such as CEH, OSCP, GWAPT, or CISSP are preferred. • Excellent analytical, problem-solving, and communication skills.

Additional Information

Preferred Skills • Experience with cloud security testing (AWS, Azure, GCP). • Understanding of DevSecOps principles and CI/CD pipelines. • Exposure with SIEM, good to have • Familiarity with compliance standards like ISO 27001, PCI-DSS, or NIST. • Experience in generating detailed reports and presenting findings to both technical and non-technical stakeholders.