Cybersecurity Analyst – VAPT - DAST and SAST

Location:

Department:

Experience:

Certifications Preferred:

About the Role

Cybersecurity Analyst (Vulnerability Assessment & Penetration Testing)

This role requires a strong understanding of offensive security, exploit development, red teaming methodologies, and secure coding practices to identify, exploit, and document vulnerabilities with actionable recommendations.

Key Responsibilities

• Conduct

  Vulnerability Assessments and Penetration Tests (VAPT)

  across:
• Web applications, APIs, and backend services
• Android and iOS mobile applications
• Corporate and cloud networks
• Active Directory and internal infrastructure
• Perform

  SAST & DAST

  on custom applications using manual and automated tools.
• Analyze

  source code (Java, Python, PHP, .NET, etc.)

  to identify logic flaws and insecure coding practices.
• Execute

  Red Team exercises

  , simulate attack chains, and evaluate defense mechanisms.
• Generate detailed

  technical reports

  with PoC evidence, exploit steps, risk severity, and remediation guidance.
• Collaborate with development and DevSecOps teams to verify fixes and retests.
• Maintain up-to-date knowledge of the latest vulnerabilities, exploits, and security tools.
• Support compliance assessments and cybersecurity trends.

Required Skills and Expertise

• Strong knowledge of

  OWASP Top 10

  ,

  SANS CWE 25

  , and

  MITRE ATT&CK

  frameworks.
• Hands-on experience with tools like

  Burp Suite, ZAP, Metasploit, Nmap, Nessus, Nikto, MobSF, Frida, Drozer, Postman, SQLMap

  , etc.
• Deep understanding of

  authentication flaws, insecure direct object references, API abuse, and privilege escalation.

• Practical experience with

  Active Directory attacks

  (Kerberoasting, Pass-the-Hash, LLMNR poisoning, etc.)
• Proficiency in scripting languages (Python, Bash, PowerShell) and code review.
• Excellent analytical, reporting, and communication skills.

Certifications (Preferred but not Mandatory)

• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH)
• eLearnSecurity Certified Professional Penetration Tester (eCPPT)
• GIAC Penetration Tester (GPEN)
• eWPT / eWPTX / eJPT

Educational Qualification

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
• Equivalent hands-on experience may be considered as a substitute for formal education.

Why Join Us

• Opportunity to work on

  real-world red teaming engagements

  and advanced VAPT projects.
• Exposure to

  global clients

  in the BFSI, IT, and healthcare domains.
• Continuous learning through

  internal labs, CTFs, and tool research.

• Competitive pay, certification sponsorship, and a growth-oriented culture.