6 Ejpt Jobs

Job Title: VAPT Consultant Note: Looking only for candidates who can join within 45 days. Qualifications: • BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge • 2-5 years hands on experience working in VAPT, working for cybersecurity industry. • Candidate must have cybersecurity related certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification. • Candidates must have hands on experience in red teaming or source code review or cloud configuration review in addition to VAPT Role and Responsibility: • Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. • Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. • Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. • Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. • Performing comprehensive review and threat adversary modeling for web applications. • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting • Conduct and compile findings on new vulnerabilities, new tools for departmental use. • Create project deliverables / reports and assist the client with remediations and discussions. • Abide by the project timelines and maintain project discipline. Technical Skills Required: • Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. • Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. • Familiar working with Publicly available exploits codes. • Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. • Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. • Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. • Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices

Role: Intern (Technical services) Job Location: Bangalore Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge. Certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification, is mandatory. Role and Responsibility: Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. Performing comprehensive review and threat adversary modeling for web applications. Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting Conduct and compile findings on new vulnerabilities, new tools for departmental use.\ Create project deliverables / reports and assist the client with remediations and discussions. Abide by the project timelines and maintain project discipline. Technical Skills Required: Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Familiar working with Publicly available exploits codes. Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices

Company Description Quasar Cyber Tech (QCT) is a fast-moving cybersecurity startup building next-gen offensive security capabilities. If you love breaking things the right way, mentoring juniors, and shipping crisp, client-ready reportslets talk. What you&aposll do Plan & execute network, web, and API penetration tests (black/grey/white box). Lead/red-team style engagements (ATT&CK-aligned), exploit development & PoCs. Abuse auth flows (OAuth/JWT/SAML), test modern APIs (REST/GraphQL), cloud entry points. Run internal/external VA/PT , identify root causes, and drive remediation guidance . Write and review reports with clear risk, impact, CVSS, and reproducible steps. Mentor interns/juniors; perform peer reviews, checklists, and quality gates. Collaborate with engineering/AppSec to fix issues fast (threat modeling, SDL inputs). Must-haves 25 years hands-on pentesting/red-team experience (network + web + API ). Strong with Burp Suite , Nmap , OWASP ZAP , Metasploit , nuclei , Kali/Parrot . Solid knowledge of OWASP Top 10 / API Top 10 , PTES , MITRE ATT&CK . Scripting for automation ( Python/PowerShell/Bash ), interceptor tools ( Postman , ffuf , jwt-tool ). Certifications: CEH (valid) or equivalent (e.g., OSCP/OSWE/OSEP/eJPT/GPEN/GWAPT/CRTP ). Excellent documentation & client communication skills. Nice-to-haves AD/Windows attack paths (Kerberoasting/NTLM relays), Azure/AWS footholds. Mobile app testing (Android/iOS), container/k8s attack surface. Experience with banks/fintech or regulated environments (RBI/CERT-In exposure). Why join us (startup reality) High ownership & impact : real clients, real production findings, real fixes. Flexibility with sprints, night windows for red-team ops when needed. Culture of learning & success : opportunities & time for research/PoCs. Competitive salary + performance bonus + fast-track growth. Send your resume to [HIDDEN TEXT] with subject PenTester/Red Team . Optionally include a short note on your favourite exploit chain or a link to a report sample / your work etc . Show more Show less

Summary: We are seeking a skilled and detail-oriented Application Security Penetration Tester to join our cybersecurity team. The primary goal of this role is to ensure secure software delivery by planning, executing, and documenting penetration tests on enterprise applications, identifying vulnerabilities, and supporting remediation efforts. Experience: 5+ years Main Responsibilities: As a Penetration Tester, you will be responsible for conducting comprehensive security assessments across various applications. Preparatory Phase: Conduct kick-off meetings with application owners to define the scope and feasibility of penetration tests. Review functional and technical aspects of applications to prepare for testing. Deliver scope documentation and meeting minutes within defined timelines. Operational Phase: Execute penetration tests on applications to identify exploitable vulnerabilities. Analyze application security posture and provide detailed findings. Prepare and present reports and findings to stakeholders. Coordinate with development and security teams for issue resolution. Post-Operational Phase: Conduct restitution meetings to recap completed tests and their outcomes. Create detailed documentation for retesting and audit purposes. Support closure of identified issues (PTRs) and track remediation progress. Maintenance Phase: Re-evaluate and close PTRs as part of ongoing security maintenance. Contribute to efficiency improvements and automation of pentest processes. Collaborate on tooling design and documentation enhancements. Key Requirements: Security Expertise - Application security testing, Penetration testing, Vulnerability assessment, Reverse engineering Knowledge Areas - OWASP Top 10, Secure coding practices, CVSS v2.0, CVSS Calculator v4.0 Tools & Technologies - Burp Suite Professional, OWASP ZAP, Nessus, Metasploit, Linux & Windows OS Programming Skills - Scripting experience (Python, JavaScript) Certifications - OSCP, PNPT, CPT, CEPT, CCPT, eJPT / PJPT Soft Skills - Fluent English (spoken & written), Team collaboration Nice to Have: PCI-DSS auditing experience Security audits and compliance frameworks NodeJS, VueJS CEH, GWAPT certifications Fast learner, Autonomy Multicultural team experience Other Details: This position requires the delivery of pentest reports, documentation for retesting, remediation proposals, and coordination with development teams. It also involves tooling design and automation in pentest workflows. Show more Show less

Key Responsibilities: Assist in web, network, and system penetration testing. Conduct vulnerability scans using tools like Nmap, Nessus, and OpenVAS . Assist in social engineering or phishing assessments (if applicable). Prepare clear documentation, reports, and remediation guidance for stakeholders. Maintain knowledge of latest threats, vulnerabilities, and attack techniques. Must-Have Skills: Basic knowledge of networking, OSI model, and common protocols (TCP/IP, HTTP, DNS). Familiarity with Linux and Windows systems. Exposure to tools like Burp Suite, Nmap, Wireshark, Metasploit, Nikto. Understanding of OWASP Top 10 vulnerabilities. Basic scripting knowledge (Python, Bash preferred). Experience with Kali Linux or Parrot OS. Good to Have: Certifications such as CEH, OSCP, eJPT, or Security+. Familiarity with cloud environments (AWS/Azure/GCP) security practices. Basic understanding of firewalls, IDS/IPS, and SIEM tools. Participation in CTFs or bug bounty platforms.

This is a full-time on-site role for a Penetration Tester located in Faridabad. The Penetration Tester will be responsible for identifying and exploiting vulnerabilities in application security, as well as performing red teaming exercises. Role & responsibilities Plan and perform external penetration tests and vulnerability scans against clients websites, APIs, and network edge, employing manual research techniques and industry-standard tools (e.g., Burp Suite, Nessus). Validate and triage findings, assign severity ratings (e.g., CVSS), and produce professional audit reports that translate technical risks into actionable business recommendations. Engage with client stakeholders - present interim findings, advise on mitigation strategies, and retest remediated issues to verify closure. Preferred candidate profile Deep understanding of VAPT methodologies (OSSTMM, PTES) and research approaches. Proficiency with web-app testing tools (Burp Suite, OWASP ZAP) and network scanners (Nmap). Strong knowledge of OWASP Top 10, CVSS scoring, and network attack vectors. Excellent written and verbal communication skills for client reporting and technical presentations. Scripting ability (Python, Bash, PowerShell) for automation of scans and proof-of-concept research. Hands-on cybersecurity experience such as accepted bug bounties, CTF rankings, disclosable VAPT reports, CVE contributions, or practical certifications like OSCP, eJPT. Familiarity with compliance frameworks (PCI-DSS, ISO 27001, GDPR) and translating audit results into compliance guidance.