VAPT Analyst

Experience : 4-8 Years

location : Manyata Techpark, Bangalore

Role : Permanent

Work Model : Work Office (Mon-Fri)

Shift Timing : 2PM - 11AM

Key Responsibilities

• Conduct Internal and External Network Assessments: Plan, execute, and document comprehensive assessments of organizational networks, identifying and exploiting infrastructure weaknesses to gauge risk exposure and recommend effective controls.
• Facilitate and Coordinate Vulnerability Assessments and Scans: Lead the end-to-end process of vulnerability assessments, including the deployment of automated and manual scans, and the orchestration of third-party services if necessary. Collaborate with cross-functional teams to ensure assessments are thorough and results-driven.
• Review Assessment Results and Oversee Remediation Activities: Analyze findings from vulnerability scans and penetration tests, translating technical data into actionable intelligence. Work closely with IT and business units to oversee and track remediation efforts, ensuring vulnerabilities are addressed in a timely and effective manner.
• Management and Maintenance of Security Databases: Ensure the ongoing accuracy and relevance of vulnerability, asset, and configuration management databases. Regularly update records to support risk analysis, compliance tracking, and reporting initiatives.
• Reporting and Communication: Provide comprehensive reports detailing findings, risk ratings, and remediation recommendations tailored for both technical and non-technical stakeholders. Present results in meetings, executive briefings, and compliance audits with clarity and authority.
• Vulnerability Prioritization: Use a risk-based approach to prioritize vulnerabilities, taking into account factors such as criticality, exploitability, and potential business impact. Advise on remediation sequencing and resource allocation for optimal risk reduction.
• Documentation and Compliance: Maintain detailed documentation throughout the assessment lifecycle, ensuring processes adhere to regulatory requirements and industry frameworks such as ISO 27001, NIST, or PCI DSS.
• Incident Response Support: Assist in incident investigations related to network or infrastructure breaches, providing forensic analysis and recommendations for future risk mitigation.