Posted: 1 week ago
Platform:
On-site
Full Time
Job description:
Job Summary:
We are looking for a highly skilled and experienced Team Lead - VAPT to spearhead offensive security engagements for our Technical Cyber Security services division. With at least 4-5 years in the industry, the ideal candidate will bring deep technical expertise, strong leadership, and a passion for proactive security testing. You will lead end-to-end VAPT projects, mentor junior analysts, engage directly with clients, and contribute to enhancing our offensive security capabilities in a dynamic threat landscape.
Key Responsibilities:
Lead VAPT projects across multiple domains, including network, application, cloud, mobile, API, and wireless security testing.
Conduct manual and automated penetration testing, simulate real-world attacks, and identify exploitable vulnerabilities.
Develop and maintain custom scripts, tools, and exploits to support advanced testing scenarios.
Prepare and deliver detailed technical reports and executive summaries with risk ratings, evidence, and remediation guidance.
Collaborate with blue teams and SOC for red/purple teaming and threat emulation exercises.
Engage in client communication, providing technical guidance and post-assessment support.
Ensure quality assurance across all deliverables and maintain compliance with cybersecurity standards and frameworks.
Continuously research new vulnerabilities, attack methods, and testing tools to improve service offerings.
Mentor junior team members and contribute to the development of internal methodologies and playbooks.
Required Qualifications:
Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field (or equivalent hands-on experience).
Minimum 4-5 years of hands-on experience in VAPT, offensive security, or ethical hacking.
In-depth knowledge of OWASP Top 10, MITRE ATT&CK, NIST, Risk-Based Vulnerability Management, and common vulnerability scoring systems (CVSS).
Proficiency with offensive security and testing tools (e.g., Burp Suite, Nmap, Metasploit, Nessus, Nikto, Kali Linux, etc.).
Strong understanding of network protocols, system internals, web/app architectures, and cloud platforms (AWS, Azure, GCP).
Scripting experience in Python, Bash, or PowerShell for automation and custom exploits.
Excellent communication skills for reporting, documentation, and client interaction.
Preferred Certifications (One or More):
CEH - Mandatory
OSCP (Offensive Security Certified Professional) – Strongly preferred
GPEN, CRT, eCPPT, OSCE, or other offensive security credentials
Cloud security certifications (e.g., AWS Security Specialty, AZ-500) are a plus
Desirable Skills:
Experience in Red Team, Purple Team, or Threat Emulation engagements
Exposure to DevSecOps, CI/CD pipelines, and integrating security in SDLC
Familiarity with compliance-driven testing (e.g., PCI DSS, ISO 27001, SOC 2, HIPAA)
Client-facing experience in a consulting or MSSP environment
Experience:
VAPT: 5 years (Preferred)
Securisti Consulting