Cyber Security Engineer - VAPT

Experience : 5+ years in Cybersecurity

Location : Hyderabad

Job Summary

Key Responsibilities

• Plan and execute black-box, white-box, and gray-box penetration tests.
• Identify, analyze, and report security vulnerabilities in web applications, REST/SOAP APIs, network infrastructures, and database systems.
  

Security Testing

• Perform security code reviews and static/dynamic analysis on application source code.
• Execute automated and manual security test cases, including OWASP Top 10, SANS Top 25, and API-specific risks.
  

Tooling & Automation

• Develop and maintain custom scripts and tooling to automate reconnaissance, scanning, exploitation, and reporting.
• Integrate security testing into CI/CD pipelines and DevSecOps workflows.
  

Risk Analysis & Reporting

• Assess business impact and prioritize vulnerabilities by severity and exploitability.
• Produce clear, actionable reports and work with development teams to validate fixes.
  

Collaboration & Advisory

• Liaise with developers, DevOps, and IT/network teams to remediate security findings.
• Provide guidance on secure coding practices, hardening configurations, and security best practices.
• Providing assistance to other teams (project, commercial, product, customer success) in answering cyber security related questions raised by/in customer/project tenders.
  

Required Qualifications

• Bachelors degree in computer science, Information Security, or related field.
• 3+ years of professional experience in VAPT and security testing.
  

Technical Skills

• Proficient in at least two of : Python, Java, C#, Ruby, Go, or JavaScript/TypeScript.
• Shell scripting (Bash/PowerShell) for automation.
  

Security Tools & Frameworks

• Web/API testing : Burp Suite, OWASP ZAP, Postman, SoapUI.
• Network scanning : Nmap, Nessus, OpenVAS.
• DB security : SQLMap, DbProtect, manual SQL injection testing.
• Static/Dynamic analysis : SonarQube, Trivy, Fortify, Checkmarx, Veracode.
  

Protocols & Technologies

• HTTP/S, REST, SOAP, TCP/IP, DNS, LDAP, OAuth/OIDC, JWT.
• Database platforms : MySQL, PostgreSQL, SQL Server, Oracle.
  

Standards & Compliance

• Familiarity with OWASP Top 10, SANS Top 25, PCI-DSS, ISO 27001/27002, NIST.
  

Preferred Skills

• Experience with cloud security testing (AWS, Azure, GCP).
• Familiarity with container and orchestration security (Docker, Kubernetes).
• Certification(s) : OSCP, CEH, CISSP, CISM, or similar.
• Hands-on in DevSecOps integration and security automation frameworks (e.g., Jenkins, GitLab CI, Terraform).
  

Soft Skills

• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication for clear reporting and stakeholder engagement.
• Ability to work independently and as part of a cross-functional team.