VAPT Engineer

Position: VAPT Engineer

Reporting to: Platform Lead Infrastructure Security

Employment Type: Employee - Full Time

Work Location: Guwahati

Key Focus area: Infrastructure Penetration Tester

Key Responsibilities:

• Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility.
• Identifying and maintaining Key metrics and SLA on Infrastructure Security.
• Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems.
• Thorough experience in configurations reviews against CIS benchmarks and security standards.
• Ensure all Hardening and Patching activities are conducted and tracked as per defined policies.
• Create/Update hardening documents and build audit file for automated testing.
• Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
• Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people.
• Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations.
• Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings.
• Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments.
• Safeguarding information, infrastructures, applications, and business processes against cyber threats.
• Proactively create, share, and read reports as part of the penetration testing activities.
• Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation.

Qualification and Work Experience

• Qualification: BE / BTech (Similar Education Background)
• Work experience: 7-15 Years
• 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems.
• Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion.
• Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required.
• Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
• Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans.
• Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc.
• The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng.
• Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications)
• Preferred: Script writing skills (Python/Ruby/bash/PowerShell).
• Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS.
• Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms.
• Expertise in performing grey box/Black box testing.
• Experience devising methods to automate testing activities and streamline testing processes.
• Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises.

Competencies / Expertise Required (Functional & Behavioral)

• Systematic strong analytical thinking and problem-solving skills.
• Excellent in analytical thinking for translating data into informative visuals and reports.
• Adaptable to change.
• Quick Learner Open learn and work on new technologies and products.

If you're interested, please share below mention details for the same.

• Location
• Preferred location
• Current Co
• Experience
• Current CTC
• Expected CTC
• Notice Period
• Offer in Hand
• Highest Education
• SSC %
• HSC %
• Graduation %
• University Name

Regards,

Ashwini Chakor