Job Description

Candidate with certification such as CEH, OSCP, comptia etc.. & from cert-in empanelled
organization would be a plus

This role requires experience in conducting VAPT assessment for web applications, mobile
applications, API, thick clients and Network Infrastructure. The desired candidate should also possess
the necessary knowledge or skill in the following areas:
-Create and conduct effective proposal presentation and RFP responses that identify prospects,
business problems and the solution we offer.
-Performing manual and automated security testing
-Secure network design and architecture review
-Network protocols like HTTP, DNS, SMTP, TCP/IP, IPS/870, SSL/TLS and other web technologies
-General IT Security Concepts
-Good communication skills and quick learning capabilities
We would very much appreciate your assistance in finding us a suitable candidate who meets the
criteria stated above and a candidate from cert-in empanelled organization would be a plus.
(https://www.cert-in.org.in/PDF/Empanel_org_2022.pdf)

Basic Questions Answer must have Rating from 1-10

1. Network VAPT

What tools do you use for
Network Penetration testing

Nessus, Nipper, Wireshark,
Nmap

What are common ports and
services to focus on during
penetration testing

20,21,23,25,80,443,110

2
Web
Application
VAPT

What tools do you use for
Web Penetration testing

Burp suite, Nikto, Sqlmap,
ZAP

Recent project done by you

gov and private?

3
Mobile
Application
VAPT

What tools do you use for
Mobile Penetration testing

Frida, Objection for SSL
bypass, Mobsf, Yazhini

Recent project done by you

gov and private?

4 API VAPT What tools do you use for

API Penetration testing Postman and Burpsuite

Recex