Lead VAPT

Job Title: Lead Offensive Security and Vulnerability Management

Location: Gurugram

Job Type: Full-Time

Role Overview: We are seeking a highly skilled Lead VAPT to lead offensive security and vulnerability management across Airtel's telecom ecosystem, spanning 2G, 4G, 5G SA/NSA, Fixed Wireless Access (Consumer & Enterprise Services), Wi-Fi, Homes & Broadband, NLD/ILD, DTH, Enterprise, and Transport.

This role will oversee telecom protocol penetration testing, attack surface management, red teaming, and vulnerability assessments, while also leading the vulnerability management lifecycle (VM) end-to-end — from discovery and risk rating to closure governance with managed service partners (MSS), OEMs, and domain owners.

This role works independently, owning the Offensive Security and Vulnerability Management vertical end-to-end, while leading MSS teams for delivery and collaborating with other Leads as part of a unified security leadership team.

Key Responsibilities:

Strategic Impact

• Define and execute Airtel's VAPT and vulnerability management strategy aligned with business and regulatory objectives.
• Build an attack surface management program covering telecom networks, enterprise IT, and customer-facing platforms.
• Enhance offensive security practices with protocol-level testing and red team simulations.

Operational Excellence

• Lead periodic vulnerability scans Airtel's telecom ecosystem, spanning 2G, 4G, 5G SA/NSA, Fixed Wireless Access (Consumer & Enterprise Services), Wi-Fi, Homes & Broadband, NLD/ILD, DTH, Enterprise, and Transport
• Conduct telecom protocol penetration testing eg. SS7, Diameter, SIP, and GTP.
• Manage new node VA scans before deployment to production.
• Perform application security assessments for Airtel's consumer/enterprise apps and APIs.
• Conduct cloud-native security testing for 5G core CNFs/VNFs and enterprise workloads.
• Develop custom scripts and tools to automate protocol fuzzing, exploit validation, and attack simulations
• Oversee red team exercises and adversary simulations to validate SOC detection and IR readiness.
• Lead the end-to-end vulnerability lifecycle: identification, prioritization, remediation tracking, exception management, and closure.
• Deliver risk-based reports with actionable remediation guidance for technical teams and leadership.

Leadership & Collaboration

• Lead and manage the MSS Vulnerability Assessment team and ensure timely deliverables.
• Govern risk closure with domain owners, OEMs, and managed service partners through structured governance.
• Work with SOC, Build, and GRC teams to ensure detection coverage, policy compliance, and risk governance.
• Engage in executive-level governance reporting on vulnerability posture, remediation SLAs, and red team outcomes.
• Work as the single point of accountability for VM lifecycle management.

Required Skills and Experience:

• 8+ years of experience in VAPT, offensive security, and vulnerability management leadership.
• Strong expertise in telecom network protocol testing
• Hands-on with VA/PT tools (eg. Tenable SC, Nessus, Nexpose, Burp Suite, Metasploit, custom telecom fuzzers, Wireshark).
• Experience in vulnerability lifecycle governance (tracking, closure, exception handling, SLA reporting).
• Knowledge of attack surface management, red teaming, adversary simulations, and hands-on.
• Strong understanding of network stack – Mobility, Transport, Broadband, Enterprise, Wi-Fi, Homes, DTH.
• Proven ability to work with OEMs, MSSPs, and internal domain owners for coordinated remediation.

Preferred Qualifications:

• Certifications: OSCP, OSWE, GPEN, GXPN, CEH (Practical), CISA/CISM for risk governance.
• Experience in telecom security testing or managed security service delivery.
• Familiarity with 3GPP, GSMA FS.11, ISO 27011, and NESAS/SCAS frameworks.
• Exposure to cloud-native 5G security testing (CNFs, VNFs, API security).

Why Join Us?

• Lead the entire VAPT and vulnerability management function for one of the leading telecommunications companies globally.
• Drive both offensive security (protocol/PT, red team) and defensive risk closure governance.
• Collaborate with OEMs, MSSPs, and regulators to strengthen Airtel's cyber resilience.