Senior& Junior VAPT Consultant

Job Description- Senior VAPT Consultant

Experience - 8 years

Loc : Bengaluru

CTC : 20 LPA MAX

We are seeking an experienced and highly skilled
Senior VAPT Consultant
with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.

Key Responsibilities:

· Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).

· Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.

· Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.

· Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.

· Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).

· Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.

· Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.

· Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.

· Mentor and guide junior consultants, providing technical leadership, peer review, and training.

· Work closely with clients to communicate findings, risk implications, remediation strategies, and overall security posture improvements.

Requirements

· 8+ years of proven experience in vulnerability assessment, penetration testing, and red team operations.

· Strong expertise in Active Directory exploitation and defenses (on-prem, hybrid, Azure AD).

· Advanced skills in web application, API, and network penetration testing.

· Proficiency in cloud penetration testing (AWS, Azure, GCP) including IAM, storage, networking, and serverless security.

· Strong understanding of exploit development, reverse engineering, and evasion techniques.

· Proficiency with industry-standard tools and custom exploit/script development.

· Solid knowledge of enterprise security technologies (SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR).

· Strong technical writing and client-facing communication skills, including report drafting and delivery.

· Experience in leading teams, reviewing deliverables, and mentoring junior consultants.

Preferred Qualifications

· Offensive security certifications such as
OSCP, OSEP, OSED, OSWE, OSEE, CRTP, CRTE, CREST, GXPN, or equivalent
.

· Experience in
IoT, hardware, and automotive penetration testing
.

· Prior experience in
adversary emulation and purple team exercises
.

· Familiarity with
DevSecOps pipelines and Secure SDLC integration
.

JUNIOR VAPT SPECIALIST

Job Description

Exp : 2+ years

Loc : bengaluru

CTC : 8 LPA MAX

We are seeking a skilled VAPT Specialist with at least 2 years of experience to join our cybersecurity team. The ideal candidate will have expertise in assessing and securing various systems, including Active Directory, web applications, networks, and cloud environments, with a focus on delivering high-quality penetration testing and reporting.

Key Responsibilities:

•Conduct Active Directory assessments (on-prem, Azure AD, and hybrid environments).

•Perform web vulnerability assessments using tools like ZAP, Burp Suite, Caido, and Fiddler.

•Execute network penetration testing to identify and exploit vulnerabilities.

•Conduct WiFi penetration testing and cloud penetration testing.

•Perform basic reverse engineering to analyze vulnerabilities.

•Draft comprehensive reports and documentation, including Statements of Work (SoW), Rules of Engagement (RoE), and project proposals.

•Utilize frameworks like Metasploit, Sliver C2, or other C2 servers for testing.

Requirements

• Minimum 2 years of experience in vulnerability assessment and penetration testing.

•Proficiency in Active Directory assessment (on-prem, Azure AD, and hybrid).

•Strong knowledge of web vulnerability assessment and network penetration testing.

•Familiarity with WiFi pentesting and cloud pentesting.

•Experience with tools such as ZAP, Burp Suite, Caido, and Fiddler for web assessments.

•Basic understanding of reverse engineering.

•Knowledge of security systems, including SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR.

•Proficiency in report drafting and documentation (SoW, RoE, project proposals).

•Experience with Metasploit, Sliver C2, or similar C2 frameworks.

Preferred Qualifications:

•Certifications such as OSCP, BSCP, CRTP, CRTE, OSEP, OSED, OSWE, or CEH v13.

•Good to have experience/certification in IoT and hardware penetration testing.