Penetration Tester

3 weeks ago


Guntur, India Delphic (South Asia) Full time

Job Description:

We are seeking an experienced Vulnerability Assessment and Penetration Testing (VAPT) Engineer with a minimum of 6 years of experience in cybersecurity to join our team. The successful candidate will be responsible for identifying vulnerabilities in applications, networks, and systems, conducting penetration testing, and providing actionable insights to mitigate risks. This role requires in-depth knowledge of cybersecurity frameworks, tools, and best practices, as well as the ability to lead projects and mentor junior team members.

Key Responsibilities:

  • Vulnerability Assessment:
      • Conduct thorough vulnerability assessments on web applications, networks, mobile apps, cloud environments, and APIs.
      • Use automated scanning tools (e.g., Nessus, Qualys, OpenVAS) to detect vulnerabilities in systems and infrastructure.
      • Perform manual verification of scan results to eliminate false positives.
  • Penetration Testing:
      • Lead the execution of penetration tests on networks, applications (web, mobile), and APIs.
      • Utilize penetration testing frameworks and tools (e.g., Metasploit, Burp Suite, OWASP ZAP, Kali Linux tools).
      • Identify weaknesses and exploit vulnerabilities to assess potential risk impact.
  • Security Audits:
      • Conduct security audits and assessments following established security standards and frameworks (e.g., OWASP, NIST, ISO 27001).
      • Collaborate with cross-functional teams to review security configurations and improve the overall security posture.
  • Risk Analysis & Reporting:
      • Analyze the impact of identified vulnerabilities and prioritize risks based on severity.
      • Prepare detailed, actionable reports on findings and recommendations for remediation.
      • Communicate results to technical and non-technical stakeholders, including management and IT teams.
  • Remediation & Advisory:
      • Work closely with developers, network administrators, and IT teams to provide remediation guidance.
      • Provide ongoing advisory services to improve the security of applications, networks, and systems.
  • Research & Development:
      • Stay updated on the latest security threats, vulnerabilities, and penetration testing techniques.
      • Develop new testing methodologies and tools to enhance penetration testing capabilities.
  • Compliance & Best Practices:
      • Ensure compliance with industry standards (e.g., PCI-DSS, GDPR, HIPAA) and corporate security policies.
      • Implement security best practices across the organization.
  • Mentorship & Leadership:
      • Mentor junior team members, providing guidance on vulnerability assessment and penetration testing techniques.
      • Lead VAPT projects and collaborate with cross-functional teams to meet deadlines and ensure the delivery of high-quality results.

Required Skills:

  • Technical Skills:
      • Extensive experience with VAPT tools like Nessus, Burp Suite, Qualys, OWASP ZAP, Metasploit, and others.
      • Strong knowledge of network security, web application security, and cloud security.
      • Familiarity with SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
      • Understanding of common attack vectors and vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and buffer overflows.
      • Familiarity with security frameworks like OWASP Top 10, NIST, and ISO/IEC 27001.
      • Experience with operating systems like Linux, Windows, and macOS, and familiarity with scripting (e.g., Python, Bash).
  • Soft Skills:
      • Excellent analytical and problem-solving skills.
      • Strong verbal and written communication skills, with the ability to explain technical concepts to non-technical stakeholders.
      • Ability to work independently and as part of a team.
      • Project management skills and experience leading VAPT projects.
      • Detail-oriented with a focus on delivering quality work.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
  • Certifications:
      • Preferably one or more certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), CISA, or similar.
  • Experience: At least 6 years of hands-on experience in Vulnerability Assessment and Penetration Testing.
  • Familiarity with cloud environments (e.g., AWS, Azure, GCP) is a plus.

Preferred Qualifications:

  • Experience working in a DevSecOps or SecOps environment.
  • Knowledge of security in DevOps pipelines and automation tools like Jenkins, Docker, or Kubernetes.
  • Experience with Red Team and Blue Team activities is a plus.

Why Join Us:

  • Competitive salary and benefits package.
  • Opportunity to work with a dynamic team in a fast-paced environment.
  • Access to cutting-edge security technologies and training resources.
  • A collaborative, innovation-driven culture where your ideas are valued.