Description

Job Summary:

The VAPT Specialist is responsible for conducting vulnerability assessments and penetration testing (VAPT) across web applications, mobile applications, and APIs. With approximately 4 years of hands-on experience, the specialist identifies, analyzes, and mitigates security vulnerabilities, ensuring the organization's systems remain secure. The role requires expertise in security frameworks such as OWASP Top 10 and SANS Top 25 to assess risks and deliver actionable recommendations. The candidate will collaborate with development and security teams to remediate identified vulnerabilities and strengthen the organization's overall security posture. Strong analytical skills and a proactive approach are essential for success in this role.

Job Responsibilities:

  • Administrative / Co-ordination
    1. Reporting: Produce detailed, clear and actionable penetration testing reports covering findings, risk ratings, evidence of exploitation, and remediation advice. Communicate results to both technical and non-technical stakeholders.
    2. Collaboration: Work closely with development teams, IT security, and other relevant departments to support vulnerability mitigation and resolution, and provide guidance throughout the remediation process.
  • Execution / Implementation
    1. Vulnerability Assessment: Conduct vulnerability assessments on web applications, mobile applications, and APIs, combining automated tools with manual techniques to identify security flaws (including those automated scanners miss).
    2. Penetration Testing: Perform penetration tests across web applications, mobile apps, and APIs. Exploit vulnerabilities only within the agreed scope and rules of engagement, and provide actionable remediation recommendations.
    3. Mobile and API Security Testing: Test the security of mobile applications (iOS, Android) and APIs (REST, SOAP, etc.), identifying issues such as insecure data storage, improper authentication and authorization, and insufficient or misconfigured encryption.
  • People Related
    Engage with cross-functional teams, including development and IT security, to ensure vulnerabilities are mitigated and resolved effectively, offering guidance during remediation.
  • Strategic
    1. Apply industry-standard frameworks such as the OWASP Top 10 and SANS Top 25 so that testing is comprehensive and current.
    2. Stay up to date on emerging threats, newly disclosed vulnerabilities, exploits, and tooling, and pursue ongoing education to improve penetration testing techniques and methodology.
    3. Review and analyze threat intelligence sources to align the organization's testing and defensive measures with current attack trends.

Skills:

  • FUNCTIONAL
    1. Experience with API testing, including authentication, authorization, and security flaws in API design and implementation.
    2. Strong understanding of common web vulnerabilities (e.g., SQL injection, XSS, CSRF) and mobile-specific vulnerabilities (e.g., insecure storage, improper session handling).
  • SOFT SKILLS / BEHAVIOURAL COMPETENCIES
    1. Excellent problem-solving skills with strong attention to detail.
    2. Strong communication skills, including the ability to write clear, concise reports for both technical and non-technical audiences.
    3. Ability to work independently and as part of a collaborative team.
    4. Ability to handle multiple tasks simultaneously in a fast-paced environment.
  • TECHNICAL KNOW-HOW
    1. Proficiency in penetration testing and security analysis tools.
    2. Knowledge of secure coding practices and common remediation techniques.
    3. Certifications (preferred): CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), GWAPT (GIAC Web Application Penetration Tester).

Education

Any Graduate