Job
Description
Job Title: VAPT Consultant Note: Looking only for candidates who can join within 30 days. Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge 2-5 years hands on experience working in VAPT, working for cybersecurity industry. Candidate must have cybersecurity related certifications such as eJPT or eWPT or CRTP or CRTO or OSCP. Candidates having hands on experience in red teaming or source code review or cloud configuration review in addition to VAPT are preferable Role and Responsibility: • Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. • Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. • Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. • Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. • Performing comprehensive review and threat adversary modeling for web applications. • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting • Conduct and compile findings on new vulnerabilities, new tools for departmental use. • Create project deliverables / reports and assist the client with remediations and discussions. • Abide by the project timelines and maintain project discipline. Technical Skills Required: • Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. • Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. • Familiar working with Publicly available exploits codes. • Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. • Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. • Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. • Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices
