VAPT Manager

Role & responsibilities:

• As a technical leader, drive the future strategy for threat intelligence, security architecture reviews, vulnerability management, security configuration, DevSecOps, and application security.
• Conduct both manual and automated internal and external vulnerability assessments across IT, cloud, and OT environments.
• Perform security control and vulnerability assessments specifically within OT environments.
• Execute Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications.
• Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, Android applications, and APIs. Perform Gray Box and/or penetration testing on web, API, and mobile devices (Android).
• Complete project tasks with high quality and within deadlines. Analyze findings, draw comprehensive conclusions, and provide detailed recommendations and mitigation plans.
• Clearly communicate technical impacts and business risks to non-technical audiences after project completion.
• Provide expert advice on selecting and implementing appropriate security assessment and testing software and tools.
• Implement and manage DevSecOps practices using the Software Assurance Maturity Model (SAMM) to evaluate and enhance the security of software development processes.
• Adhere to security standards and frameworks, implementing best practices and methodologies.
• Work closely with product development teams to ensure adherence to secure coding practices.
• Educate customers, technical teams, and application developers about emerging threats, vulnerabilities, and application security, promoting a Security Champion program to raise awareness.

Preferred candidate profile:

• Over 8 years of experience in leading and managing threat and vulnerability functions, projects, and customer engagements.
• 4-6 years of direct, hands-on experience in cybersecurity, including familiarity with security standards and best practices, vulnerability assessments, web application testing, network and mobile application assessments, and penetration testing.
• 1-2 years of experience in enterprise security management, including security product/solution integration and security operations, with a solid understanding of network and system security concepts, standards, and best practices.
• Proven track record in building, leading, and managing security teams, with experience in cybersecurity practices, application security (AppSec), threat intelligence, vulnerability management, penetration testing, and infrastructure security assessment.
• Demonstrated excellence in project management, service management, and customer relations.
• Exceptional written, presentation, and verbal communication skills, essential for effective team coordination, partner support, and service discussions.
• Strong analytical abilities with a creative approach to solving complex technical problems.