Senior Security Consultant (VAPT Specialist)
Company Overview
We are seeking a highly skilled and experienced Senior VAPT Specialist to join our cybersecurity team. This role is ideal for a security professional who excels in a client-facing environment and possesses in-depth expertise in both offensive and defensive security practices.
Position Summary
As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will work with diverse clients to identify vulnerabilities, assess security postures, and provide actionable recommendations to enhance their cybersecurity defenses. Responsibilities include, but are not limited to, those listed below.
Key Responsibilities
Client Management & Communication
Serve as the primary technical point of contact for assigned clients during security assessments
Conduct client briefings, status updates, and final presentation meetings
Translate complex technical findings into business-relevant insights for stakeholders
Maintain professional relationships and ensure client satisfaction throughout project lifecycles
Prepare and deliver comprehensive reports with clear remediation guidance
Security Testing & Assessment
Perform comprehensive vulnerability assessments and penetration testing across multiple domains:
Web Application Security Testing: Identify and exploit vulnerabilities in web applications, including but not limited to OWASP Top 10 vulnerabilities
Mobile Application Security Testing: Assess the security of iOS and Android applications, including static and dynamic analysis
API Security Testing: Evaluate REST, SOAP, and GraphQL APIs for security weaknesses
Network Penetration Testing: Conduct internal and external network assessments, including wireless security testing
Source Code Review: Perform manual and automated static code analysis to identify security flaws
Cloud Security Configuration Review: Assess cloud infrastructure configurations across AWS, Azure, and GCP platforms
Threat Modeling & Risk Assessment
Develop comprehensive threat models for client applications and infrastructure
Conduct risk assessments and prioritize security findings based on business impact
Design attack scenarios and security test cases based on threat intelligence
Collaborate with development teams to integrate security into SDLC processes
Red Team Operations
Plan and execute red team exercises to simulate real-world attack scenarios
Develop custom tools and exploits for specific client environments
Conduct social engineering assessments and physical security testing when required
Provide post-exercise debriefings and improvement recommendations
Documentation & Reporting
Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps
Develop executive summaries tailored for C-level audiences
Maintain accurate project documentation and testing methodologies
Contribute to internal knowledge base and best practices documentation
Required Qualifications
Experience & Background
3-5 years of hands-on experience in vulnerability assessment and penetration testing
Proven track record of successful client engagements and project delivery
Experience with enterprise-level security assessments across various industries
Demonstrated ability to work independently and manage multiple projects simultaneously
Technical Expertise
Deep understanding of security frameworks and standards:
Penetration Testing Execution Standard (PTES)
OWASP Top 10 and OWASP Testing Guide
SANS Top 25 Most Dangerous Software Errors
NIST Cybersecurity Framework
CIS Critical Security Controls
MITRE ATT&CK Framework
Development & Programming Experience
Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended.
Programming and Scripting Languages: Strong proficiency in Python and Bash as minimum requirements, with additional experience in PowerShell, and at least one compiled language (C/C++, Go, Java, or C#)
Custom Tool Development: Ability to develop custom security tools, exploits, and automation scripts
Design and execute social engineering campaigns to test human-factor security
Phishing Simulations: Develop and conduct sophisticated phishing campaigns, including email, SMS, and voice-based attacks
Physical Security Testing: Conduct on-site assessments including tailgating, badge cloning, and facility penetration
Awareness Training: Provide security awareness training based on assessment findings
OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation
Communication & Language Skills
Excellent English communication skills (both written and spoken)
Ability to communicate complex technical concepts to non-technical stakeholders
Strong presentation and public speaking abilities
Professional writing skills for technical documentation and reports
Professional Attributes
Strong analytical and problem-solving abilities
Attention to detail and a methodical approach to testing
Ability to think like an attacker and anticipate security threats
Commitment to ethical hacking principles and professional conduct
Continuous learning mindset to stay current with emerging threats and technologies
Research-Oriented Mindset: Conduct deep research activities to understand emerging vulnerabilities, attack vectors, and security trends
Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies to enhance testing capabilities
Creative thinking for developing novel attack scenarios and bypassing security controls
Experience with DevSecOps practices and CI/CD pipeline security
Background in software development or system administration
Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001)
Experience with threat intelligence platforms and indicators of compromise
Familiarity with containerization security (Docker, Kubernetes)
Previous consulting or client-facing experience
What We Offer
Professional Development
Continuous learning opportunities and professional development
Support for professional certifications and training
Mentorship opportunities and knowledge-sharing sessions
Work Environment
Collaborative and innovative team environment
Flexible work arrangements and remote work options
Opportunity to work with diverse clients across various industries
Exposure to the latest cybersecurity trends and emerging technologies
Compensation & Benefits
Competitive salary commensurate with experience
Performance-based bonuses and incentives
Professional development and certification reimbursement
Application Process
Qualified candidates should submit:
Current resume highlighting relevant experience and certifications
Cover letter demonstrating communication skills and explaining interest in the role
Professional references from previous clients or employers
We are an equal-opportunity employer committed to diversity and inclusion in our workforce.
Job Type: Full-time
Benefits:
Flexible schedule
Health insurance
Paid time off
Provident Fund
Schedule:
Monday to Friday
Work Location: In person