Vapt Engineer

Role & responsibilities

a) Vulnerability Assessment -

• Conduct vulnerability scans using tools like Nessus, OpenVAS, etc.
• Analyze scan results to identify security vulnerabilities in systems, networks, applications (including mobile apps).
• Assess severity, potential impact, and risk exposure of vulnerabilities.

b) Penetration Testing -

• Perform penetration tests on web applications, networks, systems, and mobile platforms (Android & iOS).
• Follow structured methodologies (OWASP Top 10, PTES, etc.) for testing.
• Simulate real-world attacks to identify and exploit vulnerabilities responsibly.
• Conduct basic reverse engineering and static/dynamic analysis on mobile applications.

c) Reporting -

• Prepare comprehensive, clear, and technically accurate vulnerability reports.
• Provide prioritized remediation recommendations tailored to each vulnerability.
• Collaborate with senior team members to review and finalize findings.

d) Collaboration and Support -

• Support the development of internal testing procedures and tools.
• Assist in re-testing and validation of resolved vulnerabilities.
• Work with system owners, developers, and other stakeholders to ensure fixes are properly implemented.
• Escalate complex findings to senior VAPT engineers or security leads.

e) Tool Proficiency -

• Hands-on experience with: o Nessus, Burp Suite, Nmap, Wireshark, Kali Linux, Metasploit o Mobile security tools such as MobSF, Frida, Drozer, ADB, Xcode, Objection
• Familiarity with proxy tools, traffic interceptors, and reverse engineering utilities. f) Continuous Learning
• Keep up with emerging threats, exploits, and vulnerability disclosures.
  • Participate in internal and external cybersecurity training, CTFs, and knowledge-sharing sessions.

Preferred candidate profile

• Bachelors degree in computer science, Information Technology, Cybersecurity, or related field.

• 4 to 6 years of hands-on experience in Vulnerability Assessment & Penetration Testing.

• Experience in mobile application security testing (Android and iOS).

• Strong understanding of networking protocols, web technologies, and mobile platforms.

• Good knowledge of Windows, Linux, and mobile OS (Android/iOS) security principles.

• Exposure to secure coding practices and app hardening techniques is a plus.

• Familiarity with scripting/programming languages such as Python, Bash, or PowerShell.

• Relevant certifications such as OSCP, CEH, GPEN, LPT, or GMOB are advantageous.

• Strong analytical, communication, and teamwork skills.