Cybersecurity Engineer

We are seeking a highly skilled Cybersecurity Engineer with strong hands-on experience in any of the following areas: Web Application & API VAPT, Mobile Application Security Testing, Cloud Security (AWS/Azure/GCP), DevSecOps, Secure Code Review.

This position is ideal for professionals with a developer background or a deep understanding of SDLC, application architecture, code flows, and coding principles.

• This is a pure VAPT-focused role, not involving SOC monitoring or analytics.

Key Responsibilities

• Perform Web Application & API VAPT using Burp Suite Pro (mandatory).
• Conduct Mobile Application Security Testing (Android/iOS) using tools like MobSF, Frida, jadx, etc.
• Execute reconnaissance, OSINT, and attack surface mapping using Amass, Subfinder, Nmap, etc.
• Carry out basic network security assessments including scanning, service enumeration, firewall review, and network-level vulnerability identification.
• Evaluate cloud security for AWS/Azure/GCP, focusing on IAM, misconfigurations, storage security, and network controls.
• Integrate DevSecOps practices into CI/CD pipelines using SAST/DAST/SCA tools.
• Perform secure code reviews for modern development stacks (Java, Python, .NET, Node.js, etc.).
• Prepare detailed VAPT and security assessment reports with remediation strategies.
• Collaborate with developers, DevOps, and cloud engineers to validate and close vulnerabilities.
• Stay updated with the latest exploits, attack methodologies, and security trends.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2 to 3+ years of hands-on experience in at least one major specialization: Web VAPT, Mobile Security, Cloud Security, DevSecOps, Secure Code Review, Recon, or Network Security.
• Strong manual testing skills and experience with: Burp Suite Pro (mandatory), ZAP, Nikto, Nmap, Wireshark, MobSF, Frida, jadx, Amass, Subfinder, Gobuster.
• Good understanding of OWASP Top 10 (Web, API & Mobile), SANS CWE Top 25, Secure SDLC, coding patterns, TCP/IP, DNS, HTTP/HTTPS, SSL/TLS.

Preferred Qualifications (Good to Have)

• Certifications: OSCP, OSWE, OSCE, CEH Practical, eWPT/eWPTX, eJPT, eCPPT, or Cloud Security certifications.
• Experience in bug bounty programs, ethical hacking, or professional VAPT projects.
• Hands-on usage of CI/CD security tools and DevSecOps workflows.
• Demonstrated experience through labs, personal projects, or security research contributions.

Why Join Us

• Opportunity to work on real-world offensive security projects across Web, Mobile, Cloud, and DevSecOps.
• Exposure to modern tools, frameworks, and enterprise-grade environments.
• Work alongside a skilled cybersecurity team with strong mentoring and collaboration.
• Continuous learning opportunities and career advancement.
• Be a key contributor in strengthening the organization's security posture.

Experience

• 2–4 Years