Lead-Red team

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients' cybersecurity across both offense and defence.

Our AI-driven Nopal360° platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.

Location
: Nopal Cyber, Hyderabad (Work from Office, 5 Days a Week)

Employment Type
: Full-time

Key Responsibilities

• Perform advanced Vulnerability Assessment and Penetration Testing (VAPT) across external infrastructure, internal networks, web and mobile applications, APIs, and cloud environments (AWS, Azure, GCP).
• Conduct CIS Benchmark-based hardening assessments and implementations across operating systems (Windows, Linux), databases, middleware, network devices, and cloud platforms.
• Deliver customized hardening guides and security baselines mapped to client-specific compliance requirements and regulatory frameworks.
• Execute Dynamic Application Security Testing (DAST) on web and API applications (both authenticated and unauthenticated) using enterprise-grade tools; analyze, validate, and prioritize findings with actionable remediation guidance.
• Run Breach and Attack Simulation (BAS) scenarios to test resilience against real-world adversary tactics, techniques, and procedures (TTPs).
• Prepare comprehensive technical reports and executive-level summaries highlighting vulnerabilities, attack paths, misconfigurations, and compliance gaps.
• Continuously research emerging attack vectors, zero-day vulnerabilities, DAST methodologies, and new CIS benchmark updates to refine assessment strategies.
• Contribute to Ransomware Resiliency Assessments (RRA) by simulating ransomware behaviors and evaluating control effectiveness.

Required Skills & Experience

• 8–12 years of direct, hands-on cybersecurity consulting experience, with deep expertise in VAPT, CIS benchmarking, and application security testing (DAST).
• Proven track record performing end-to-end penetration tests and dynamic application security scans using industry tools such as Burp Suite Pro, OWASP ZAP, Nessus, Qualys, Netsparker, Acunetix, and custom scripts.
• Strong understanding of web application security flaws (OWASP Top 10, API security issues, authentication/authorization flaws, injection attacks, deserialization, SSRF, RCE, etc.) and ability to exploit and document them.
• Solid understanding of network protocols, operating system behaviors, and common application security principles relevant to modern IT environments.
• Hands-on experience with CIS Benchmark implementation and verification across diverse platforms, ensuring alignment with client compliance mandates.
• Familiarity with BAS tools and adversary emulation frameworks to measure detection and response maturity.
• Proficiency in scripting/automation (Python, PowerShell, Bash) to extend testing capabilities or validate findings.
• Working knowledge of security architecture frameworks (e.g., SABSA) and threat modeling methodologies (e.g., STRIDE, kill chains, attack trees) to support risk-informed vulnerability assessments, hardening efforts, and remediation planning.
• Ability to write and present detailed remediation reports, security recommendations, and compliance-aligned hardening outputs.
• Strong communication skills to convey technical findings to technical and executive stakeholders.

Educational Qualifications

• Bachelor's degree in engineering, Computer Science, or related discipline.
• CEH Certification (Mandatory) plus one or more advanced certifications:
• OSCP (Offensive Security Certified Professional)
• eCPPT (eLearn Security Certified Professional Penetration Tester)
• CompTIA Pentest+
• CRTP / CRTE (Certified Red Team Professional/Expert)
• CIS-CAT Pro Assessor or equivalent CIS Benchmark credentials
• Familiarity with MITRE ATT&CK and adversary simulation frameworks.

Personal attributes

• Self-starter and quick learner requiring minimal ramp-up
• Excellent written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment