VAPT Engineer

Job Description Skills: Nessus, Burp Suite, Metasploit, OWASP ZAP, Nmap, Qualys, Wireshark, Kali Linux, Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities - Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. - Identifying and maintaining Key metrics and SLA on Infrastructure Security. - Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. - Thorough experience in configurations reviews against CIS benchmarks and security standards. - Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. - Create/Update hardening documents and build audit file for automated testing. - Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. - Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. - Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. - Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. - Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. - Safeguarding information, infrastructures, applications, and business processes against cyber threats. - Proactively create, share, and read reports as part of the penetration testing activities. - Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification And Work Experience - Qualification: BE / BTech (Similar Education Background) - Work experience: 7-15 Years - 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. - Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. - Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. - Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). - Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. - Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. - The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. - Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) - Preferred: Script writing skills (Python/Ruby/bash/PowerShell). - Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. - Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. - Expertise in performing grey box/Black box testing. - Experience devising methods to automate testing activities and streamline testing processes. - Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) - Systematic strong analytical thinking and problem-solving skills. - Excellent in analytical thinking for translating data into informative visuals and reports. - Adaptable to change. - Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. - Location - Preferred location - Current Co - Experience - Current CTC - Expected CTC - Notice Period - Offer in Hand - Highest Education - SSC % - HSC % - Graduation % - University Name Regards, Ashwini Chakor