Job Description

Job Title: Vulnerability Assessment and Penetration Testing (VAPT) Specialist Job Type: Full-time Location : Chennai only Key Responsibilities: Vulnerability Assessment: Perform vulnerability scans and assessments using industry-standard tools and frameworks. Analyze scan results to identify potential security risks, including configuration flaws, software vulnerabilities, and other potential weaknesses. Prioritize vulnerabilities based on risk analysis and collaborate with other teams to remediate issues. Penetration Testing: Conduct penetration tests (ethical hacking) on web applications, networks, and infrastructure to simulate real-world attacks and identify potential vulnerabilities. Perform manual and automated testing techniques to assess the effectiveness of existing security measures. Provide detailed technical analysis and reports on findings, including proof of concept for vulnerabilities and suggested mitigation strategies. Collaborate with the development and IT teams to assist in identifying weaknesses and remediating them. Security Assessments: Assist in conducting risk assessments and threat modeling to identify high-priority areas that require penetration testing. Evaluate security controls and recommend improvements to enhance overall system security. Keep track of the latest security vulnerabilities, exploit techniques, and penetration testing methodologies. Reporting & Documentation: Document findings and deliver comprehensive vulnerability assessment and penetration testing reports to both technical and non-technical stakeholders. Provide remediation guidance and work with relevant teams to develop strategies for patching vulnerabilities and improving security measures. Maintain an up-to-date record of identified vulnerabilities and mitigation efforts. Required Skills & Qualifications: Bachelors degree in information security, Computer Science, or related field (or equivalent work experience). Proven experience in vulnerability assessments, penetration testing, or ethical hacking. Strong knowledge of penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus, Wireshark, etc.). Understanding of common web application vulnerabilities (e.g., SQL injection, cross-site scripting, etc.) and how to exploit and mitigate them. Experience with network security protocols and services (e.g., TCP/IP, DNS, HTTP, VPN, firewall configurations). Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell to assist in penetration testing. Strong understanding of security frameworks (e.g., OWASP, NIST, ISO 27001). Familiarity with compliance requirements such as GDPR, PCI-DSS, and HIPAA. Preferred Qualifications: Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), or GIAC Penetration Tester (GPEN). Hands-on experience with web application, mobile application, API and network-based penetration testing. Familiarity with cloud platforms (e.g., AWS, Azure) and their security features. Experience with source code review or application security assessments. Please share the resumes to "priyanga.govindharaj@aspiresys.com"