Senior Consultant – VAPT

Job Title:

Location:

Experience:

Job Type:

Department:

Job Summary:

Senior Consultant – VAPT

Key Responsibilities:

• Conduct

  end-to-end VAPT

  on:
• Web applications
• Mobile applications (Android/iOS)
• Internal and external networks
• Cloud environments (AWS, Azure, GCP)
• APIs and IoT devices (as applicable)
• Perform

  manual and automated security testing

  using industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, Nessus, Nikto, etc.)
• Simulate real-world cyberattacks to uncover security weaknesses.
• Prepare

  detailed vulnerability assessment reports

  , risk analysis, and executive summaries for technical and non-technical stakeholders.
• Collaborate with clients to

  remediate identified vulnerabilities

  and re-test fixes as necessary.
• Stay updated on the latest security threats, vulnerabilities, tools, and best practices.
• Assist in developing

  security testing methodologies

  and improve internal testing frameworks.
• Mentor junior team members and support in training activities when required.
• Support pre-sales and proposal writing with technical inputs and scope definition when required.

Required Skills & Qualifications:

• Minimum

  3 years of hands-on experience

  in VAPT roles.
• Strong knowledge of OWASP Top 10, SANS Top 25, and MITRE ATT&CK Framework.
• Experience in using tools such as:
• Burp Suite Pro, OWASP ZAP
• Kali Linux toolset (e.g., Nmap, Nikto, Hydra, SQLMap)
• Metasploit, Nessus, Nexpose, Qualys, Acunetix, etc.
• Good understanding of

  secure coding practices

  and common application/infrastructure vulnerabilities.
• Familiarity with scripting languages (Python, Bash, PowerShell) for custom tools or automation is a plus.
• Certifications such as

  OSCP, CEH, eCPPT, CRTP, or equivalent

  is highly desirable.
• Strong communication and documentation skills.
• Ability to work independently and in a team environment.
• Willingness to travel for on-site assessments if required.

Preferred Qualifications:

• Experience in

  Red Teaming or Purple Teaming

  engagements.
• Exposure to

  DevSecOps

  , CI/CD pipelines, or Secure SDLC processes.
• Experience with cloud security testing (AWS, Azure, GCP).
• Knowledge of regulatory frameworks (PCI-DSS, ISO 27001, NIST, etc.)