VAPT Engineer-Lead

2 - 5 years

8 - 15 Lacs

Posted: 6 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Overview

We are seeking a highly experienced and ethical Lead VAPT Engineer to head our offensive security program. This role is crucial for proactively identifying, assessing, and mitigating security vulnerabilities across our complex infrastructure, applications, and networks. The Lead VAPT Engineer will not only execute advanced testing but also define the strategy, mentor the team, and communicate risk to executive stakeholders.

Key Responsibilities

1. Technical Execution & Strategy

  • Program Leadership: Design, implement, and continuously improve the organization's comprehensive Vulnerability Assessment and Penetration Testing (VAPT) framework and methodology.
  • Advanced Penetration Testing: Plan and execute complex, hands-on penetration tests and red team exercises across a variety of domains:
      • Web and Mobile Applications (following OWASP Top 10 and other industry standards).
      • Network and Infrastructure (internal and external, cloud, on-prem).
      • APIs and Web Services.
      • Cloud environments (AWS, Azure, GCP) and containerized systems.
  • Vulnerability Management: Oversee the vulnerability assessment program, including tool selection (e.g., Nessus, Qualys), result analysis, risk prioritization (e.g., CVSS scoring), and tracking remediation efforts.
  • Exploit Development: Develop custom scripts and Proof-of-Concepts (PoCs) using scripting languages (e.g., Python, Bash, PowerShell) to demonstrate exploitability and business impact.
  • Security Research: Stay current with the latest attack vectors, zero-day vulnerabilities, and industry trends to continually enhance testing techniques and the overall security posture.

2. Leadership, Reporting & Remediation

  • Team Leadership & Mentorship: Lead, mentor, and train a team of VAPT engineers, fostering a culture of high performance, ethical hacking, and continuous learning.
  • Risk Reporting: Translate complex technical vulnerabilities and their potential exploits into clear, comprehensive, and actionable reports for both technical teams and executive management.
  • Stakeholder Collaboration: Work directly with Development, DevOps, and IT Operations teams to validate findings, prioritize security fixes, and consult on the implementation of effective security controls.
  • Compliance: Ensure all VAPT activities adhere to relevant compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, GDPR, HIPAA).

Required Qualifications & Skills

  • Experience: Minimum 5-8 years of experience in the Cybersecurity domain, with at least 2-3 years in a Lead, Senior, or Architect-level VAPT role.
  • Deep Technical Proficiency: Mastery of offensive security tools and frameworks, including Burp Suite Pro, Metasploit, Nmap, Nessus/Qualys, and Kali Linux.
  • Scripting: Strong proficiency in at least one scripting language (Python, Bash, or PowerShell) for automation and exploit development.
  • Methodologies: In-depth knowledge of penetration testing methodologies (e.g., OSSTMM, PTES) and security standards (e.g., OWASP Top 10, SANS Top 25).
  • Networking: Strong understanding of network protocols (TCP/IP, HTTP, etc.), architecture, and security controls (Firewalls, IDS/IPS, WAF).

Certifications (Highly Desirable)

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Soft Skills:

Excellent written and verbal communication, project management, and the ability to articulate technical risk to non-technical business leaders.

Bajaj Finserv Health

Health Technology

Aurangabad
