58 Penetration Testing jobs in India
Vulnerability Assessment Consultant
Posted today
Job Description
Life on the team
A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.
What you’ll do
Core Responsibilities:
- Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
- Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
- Red/Purple/Blue Teaming: Participate in exercises aimed at increasing cyber resilience on both the offensive and defensive sides.
- Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
- Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
- Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
- Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
- Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
- Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
- Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.
Critical Success Factors:
- Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
- Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
- Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
- Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
- Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
- Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
- Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible
What you’ll need
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- 10+ Years of experience
- OSCP, PNPT or equivalent certification
- At least three years’ experience working full-time as a penetration tester on the following areas as a minimum:
- Infrastructure
- Active Directory networks
- Web Application penetration testing
- Cloud security (Entra ID/Azure)
- (optional) IoT
- (optional) mobile
- (optional) physical security / social engineering
- Ability to develop custom tools, or adapt existing tooling for the task at hand
- (optional) public blogs, research or talks
- (optional) demonstrable experience contributing to open-source tools
Skills and Competencies
- Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
- Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
- Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
- Exceptional leadership, communication, and stakeholder management skills.
- Participation and leading projects
- Full understanding of NIST 2 Domains and sub domains for SOC Operations
- CRTO, OSCE, OSEP, PEN-300, GXPN or equivalent certification (note: reasonable exceptions will be considered, e.g. years of experience, contribution to the field, etc.)
- At least five years' experience
- Coding experience
- Experience in training others, or managing teams
Vulnerability Assessment Lead
Posted today
Job Description
Job Title: Senior Consultant – VAPT
Location: Mumbai, India
Experience: Minimum 3 Years
Job Type: Full-Time
Department: Cybersecurity / Information Security
Job Summary:
We are looking for a highly skilled and motivated Senior Consultant – VAPT to join our cybersecurity team in Mumbai. The ideal candidate will have a solid background in Vulnerability Assessment and Penetration Testing (VAPT) across web applications, mobile applications, infrastructure, and cloud environments. You will be responsible for conducting security assessments, identifying vulnerabilities, and providing actionable recommendations to improve our clients' security posture.
Key Responsibilities:
- Conduct end-to-end VAPT on:
- Web applications
- Mobile applications (Android/iOS)
- Internal and external networks
- Cloud environments (AWS, Azure, GCP)
- APIs and IoT devices (as applicable)
- Perform manual and automated security testing using industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, Nessus, Nikto, etc.)
- Simulate real-world cyberattacks to uncover security weaknesses.
- Prepare detailed vulnerability assessment reports, risk analysis, and executive summaries for technical and non-technical stakeholders.
- Collaborate with clients to remediate identified vulnerabilities and re-test fixes as necessary.
- Stay updated on the latest security threats, vulnerabilities, tools, and best practices.
- Assist in developing security testing methodologies and improve internal testing frameworks.
- Mentor junior team members and support in training activities when required.
- Support pre-sales and proposal writing with technical inputs and scope definition when required.
Required Skills & Qualifications:
- Minimum 3 years of hands-on experience in VAPT roles.
- Strong knowledge of OWASP Top 10, SANS Top 25, and MITRE ATT&CK Framework.
- Experience in using tools such as:
- Burp Suite Pro, OWASP ZAP
- Kali Linux toolset (e.g., Nmap, Nikto, Hydra, SQLMap)
- Metasploit, Nessus, Nexpose, Qualys, Acunetix, etc.
- Good understanding of secure coding practices and common application/infrastructure vulnerabilities.
- Familiarity with scripting languages (Python, Bash, PowerShell) for custom tools or automation is a plus.
- Certifications such as OSCP, CEH, eCPPT, CRTP, or equivalent are highly desirable.
- Strong communication and documentation skills.
- Ability to work independently and in a team environment.
- Willingness to travel for on-site assessments if required.
Preferred Qualifications:
- Experience in Red Teaming or Purple Teaming engagements.
- Exposure to DevSecOps, CI/CD pipelines, or Secure SDLC processes.
- Experience with cloud security testing (AWS, Azure, GCP).
- Knowledge of regulatory frameworks (PCI-DSS, ISO 27001, NIST, etc.)
Vulnerability Assessment Analyst
Posted today
Job Description
We're building something audacious, something global, in next tech at Mai Labs: a new digital infrastructure layer, an internet architectural rail that puts users, builders, creators and developers first. Our mission? To distribute participatory power to billions of people in the digital economy.
What this actually means: We have built our own L1 blockchain, and a backend technical structure for protocols and ecosystem to make digital infrastructure efficient, secure and more accessible. Our global products and tools are natively built for the web 3.0 world. You will work with teams working on tech products across blockchain and distributed systems, for real-world problem solving.
We're taking on established paths and conventional wisdom about how the Tech and Internet should work. Underlying principle is to solve the hard problem of protecting user rights, digital intellectual property rights and protection of assets in an age of AI and instant replication.
Cultural Expectations: Our start-up journey involves constant evolution and adaptation to market dynamics. People work on strategizing entirely new systems with a hands-on approach, within short time frames. Resources consciousness is high, and you get the freedom to operate across products, do your best work, and stand ahead in the tech curve. You can expect:
- Thriving in decision-making in an ambiguous, fast-paced environment
- To exhibit exceptional integrity and reliability in promise delivery
- To be collaborative and have an inclusive attitude
- A value outcome driven thinking with resource optimization
If the above resonates with you, we would love to have a discussion with you.
Current Role: Ethical Hacker L2
We're building the future of decentralized infrastructure. Our mission is to make blockchain systems secure, scalable, and accessible—without compromising on privacy or performance. We’re looking for a curious and driven Ethical Hacker to help us stress-test, break, and ultimately harden our Web3 infrastructure.
Location: Noida (Remote) / 5 days
What will you get to do?
- Identify and exploit vulnerabilities in smart contracts, dApps & DeFi, and decentralized systems.
- Simulate real-world attacks on Layer 1/2 protocols, bridges, wallets, and other blockchain components.
- Develop internal tools and PoCs to automate security testing and fuzzing.
- Contribute to security best practices and awareness within the team.
Qualifications:
- Bachelor's/Master’s degree in Computer Science, Computer Engineering or related fields.
- 2+ years of experience in breaking the code to make it better.
- Strong fundamentals in cybersecurity, networking, or cryptography.
- Good understanding of Hyperledger Fabric or similar blockchain architectures (EVM, gas, tx lifecycle, etc.)
- Tinkered with smart contracts (Solidity, Vyper, etc.) and explored vulnerabilities like reentrancy, MEV, overflow/underflow. And good with writing scripts/tools in Python, Go, or JavaScript to automate findings.
- Active engagement with GitHub, CTF-obsessed, or HackerOne rated — we value skills over titles.
Hiring Process
- 3-4 rounds of interviews with Function, HR & senior leaders
Vulnerability Assessment Specialist
Posted today
Job Description
Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe.
At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS.
What’s in it for you?
o Immense exposure and learning
o Excellent career growth
o Company of highly passionate leaders and mentors
o Ability to build things from scratch
Know more about MGS:
Job Title - VAPT SME
Job Location - Chennai
Job Description :
We are seeking a highly skilled and experienced Vulnerability Assessment SME to join our dynamic team. You will play a critical role in safeguarding our organization's information assets by identifying, assessing, and mitigating vulnerabilities.
Roles and Responsibilities:
- Conduct vulnerability assessments using industry-leading tools (e.g., Nessus, Tenable, Qualys).
- Analyze vulnerability assessment results to identify and prioritize risks.
- Develop and maintain vulnerability management processes and procedures.
- Coordinate vulnerability remediation activities with relevant stakeholders.
- Perform penetration testing to assess the effectiveness of security controls.
- Stay up-to-date on the latest security threats and vulnerabilities.
Relevant Skills and Experience:
- 5-7 years of experience in vulnerability assessment, penetration testing.
- Strong understanding of vulnerability management concepts, principles, and best practices.
- Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys).
- Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box) and custom scripting.
- Knowledge of common security threats, vulnerabilities, and attack vectors.
- Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus).
- Experience with scripting languages (e.g., Python, PowerShell).
- Experience with cloud security (e.g., AWS, Azure, GCP).
- Familiar with KALI Linux & Parrot OS
Qualifications:
- Bachelor's degree in computer science, information technology, or a related field.
- Security certifications (e.g., CISSP, CISM, CEH, OSCP).
- Strong problem-solving and analytical skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
Additional Skills (Preferred):
- Experience with source code analysis tools.
- Experience with web application security testing.
- Experience with mobile application security testing.
- Experience with security incident response
Address: 16th Floor, Tower-B Brigade, World Trade centre, 142, Rajiv Gandhi Salai, OMR, Perungudi, Chennai, Tamil Nadu ,
Cybersecurity Vulnerability Assessment Partner
Posted today
Job Description
Company Description-
Armoly Inc., through its initiative Bugstrace, is on a mission to build a strong community of Security Consultation Partners and Ethical Hackers. Our core service aids subscription-based clients in identifying and fixing security risks through trusted hacker partnerships. In addition, we offer expert-led cybersecurity consulting and provide industry-recognized edtech courses with certifications. As a credible source in the cybersecurity space, Armoly keeps you informed with the latest bug reports, threat intelligence, and global security news. Join us in building a safer digital future by connecting ethical hackers, securing businesses, and educating the next generation.
Role Description-
This is a remote, contract role for a Vulnerability Tester under the Partnership program. The Vulnerability Tester will conduct comprehensive security assessments to identify potential vulnerabilities, collaborate with ethical hackers to simulate cyber-attacks, and analyze systems for security weaknesses. Additionally, the tester will prepare detailed reports on findings, provide recommendations to mitigate risks, and stay updated with the latest security trends and vulnerabilities.
Qualifications-
- Experience in conducting security assessments and identifying vulnerabilities
- Knowledge of penetration testing methodologies and tools
- Proficiency in analyzing systems for security weaknesses
- Ability to prepare detailed reports and provide recommendations for risk mitigation
- Strong understanding of cybersecurity trends and vulnerabilities
- Excellent problem-solving and analytical skills
- Ability to work independently and remotely
Requirements-
- Proven experience in ethical hacking, bug bounty, or offensive security (e.g., HackerOne, Bugcrowd, OSCP, CEH).
- Strong understanding of OWASP Top 10, CVEs, and modern attack vectors.
- Familiarity with tools like Burp Suite, Nmap, Metasploit, Wireshark, etc.
- Ability to write clear and concise technical documentation.
- Commitment to ethical practices and NDA compliance.
Compensation-
- Commission-Based: You’ll be paid per validated vulnerability reported, based on severity, impact, and quality of work on your decided percentage.
- Transparent reward structure with bonus incentives for high-severity or novel findings.
Ready to hunt bugs and make systems safer?
Apply now with your resume, portfolio (if any), and past testing experience or bug bounty reports.
Submit to: LinkedIn Inbox.
Lead Vulnerability Assessment Consultant
Posted today
Job Description
JOB DESCRIPTION :
Position : Senior VAPT Consultant
Experience : 8+ years
Loc : Bengaluru
CTC : 35 % Hike on current CTC
Job type : Fulltime(Onsite)
Job Description
We are seeking an experienced and highly skilled Senior VAPT Consultant with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.
Key Responsibilities:
· Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).
· Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.
· Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.
· Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.
· Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).
· Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.
· Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.
· Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.
· Mentor and guide junior consultants, providing technical leadership, peer review, and training.
· Work closely with clients to communicate findings, risk implications, remediation strategies, and overall security posture improvements.
Requirements
· 8+ years of proven experience in vulnerability assessment, penetration testing, and red team operations.
· Strong expertise in Active Directory exploitation and defenses (on-prem, hybrid, Azure AD).
· Advanced skills in web application, API, and network penetration testing.
· Proficiency in cloud penetration testing (AWS, Azure, GCP) including IAM, storage, networking, and serverless security.
· Strong understanding of exploit development, reverse engineering, and evasion techniques.
· Proficiency with industry-standard tools and custom exploit/script development.
· Solid knowledge of enterprise security technologies (SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR).
· Strong technical writing and client-facing communication skills, including report drafting and delivery.
· Experience in leading teams, reviewing deliverables, and mentoring junior consultants.
Preferred Qualifications
· Offensive security certifications such as OSCP, OSEP, OSED, OSWE, OSEE, CRTP, CRTE, CREST, GXPN, or equivalent.
· Experience in IoT, hardware, and automotive penetration testing.
· Prior experience in adversary emulation and purple team exercises.
· Familiarity with DevSecOps pipelines and Secure SDLC integration.
Vulnerability Assessment & Penetration Testing Specialist
Posted today
Job Description
Department: Cybersecurity / Information Security
Location: Bangalore (On-site)
Employment Type: Full-time
Interested candidates can apply using the form below.
We’re hiring experienced professionals to join our Cybersecurity team in two key positions:
- VAPT Engineer (L2/L3) – leading advanced vulnerability assessment and penetration testing across enterprise and cloud environments.
- Information Security Lead – Managed Security Services – managing SOC operations, cloud security governance, risk management, and incident response.
Both roles demand strong technical depth, leadership maturity, and hands-on expertise in enterprise and cloud security ecosystems.
Experience: 5+ years (hands-on)
Reporting To: VAPT Lead
Certification: OSCP preferred
Mode: In-office
Key Responsibilities
- Lead penetration testing across web, mobile, cloud, and infrastructure (Black/Grey/White box).
- Perform manual and automated vulnerability assessments using tools like Burp Suite, Nessus, Metasploit, Nmap, and custom scripts.
- Conduct threat modeling, cloud environment reviews, and risk assessments for business-critical systems.
- Execute security testing on public, private, and hybrid cloud platforms (AWS, Azure, GCP).
- Document findings and provide actionable remediation recommendations.
- Collaborate with DevOps, IT, and Cloud Engineering teams to address vulnerabilities.
- Mentor junior engineers and review reports for accuracy.
- Stay updated with emerging threats, zero-days, and modern attack vectors.
- Align testing with OWASP, NIST, ISO 27001, and cloud security best practices.
- Participate in red team assessments and security audits.
Requirements
- Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field.
- Deep understanding of network protocols, OS internals (Linux/Windows), and cloud architectures.
- Strong knowledge of cloud-native security tools (AWS Security Hub, Azure Defender, etc.).
- Hands-on scripting in Python, Bash, or PowerShell.
- Familiarity with DevSecOps, CI/CD pipelines, and container security (Docker/Kubernetes).
- Experience in secure coding, exploit development, and reverse engineering.
- Certifications like OSCP, CEH, GPEN, LPT, or CISSP are highly preferred.
Experience: 8–10+ years (with 5+ in SOC Leadership)
Certification: OSCP required
Mode: In-office
Key Responsibilities
- Lead SOC operations across L1–L3 analysts, ensuring 24/7 threat monitoring.
- Drive vulnerability management, patch governance, and proactive threat mitigation.
- Manage and secure multi-cloud environments, ensuring compliance and incident readiness.
- Oversee cloud security posture management (CSPM) and identity access governance (IAM).
- Lead incident response, RCA, and recovery for major on-prem and cloud-based incidents.
- Conduct enterprise-wide risk assessments, audits, and compliance checks.
- Ensure alignment with frameworks like NIST, GDPR, HIPAA, PCI-DSS, and ISO 27001.
- Define and implement security policies, playbooks, and automation workflows for cloud and on-prem systems.
- Present dashboards, risk reports, and threat trends to executive leadership.
- Manage relationships with technology partners, MSSPs, and cloud vendors.
Requirements
- 10+ years in Information Security, with at least 5 in SOC or Managed Security leadership.
- Deep understanding of cloud architectures, workload protection, and identity management.
- Hands-on experience with SIEM/SOAR tools (Splunk, ArcSight, Cortex XSIAM, QRadar, Microsoft Sentinel).
- Expertise in threat hunting, malware analysis, endpoint security (EDR/XDR), and cloud security monitoring.
- Proficiency in tools such as WAF, DLP, Burp Suite, and Nessus.
- Strong understanding of hybrid security models and advanced persistent threat (APT) response.
- Familiarity with ITIL or service delivery frameworks is a plus.
- Certifications such as CEH, OSCP, CISSP, or relevant cloud security credentials (CCSP, AWS Security Specialty) preferred.
Interested candidates can apply using the form below.
Please select the role you’re applying for and share your details accurately.
Or Send your resume to
Vulnerability Assessment & Penetration Testing Lead
Posted today
Job Description
Your potential, unleashed.
India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond.
At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks
Your work profile.
As an Assistant Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: -
Key Responsibilities:
- Total 3+years of experience in Cyber security
- VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review
- Certification - OSCP, CRTP, CEH, EJPT
- Understanding of basic business and information technology management processes.
- Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture.
- Experience of Web Application Security Testing, Infrastructure VAPT, API testing.
- Experience on Mobile Security Pen-Testing (iOS and Android).
- Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc.
- Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc.
- Experience in basic scripting such as: Shell, Python, PERL, etc.
- Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5
Desired qualifications / Education :
· B.Tech /BE /BCA / B.Sc /M.Tech - Full time
· Candidates must possess security certification of CEH, LPT, OSCP.
· Good to have security certification for GPEN, CREST
Your role as Leader
We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Senior Executive across our organization must strive to be:
- Inspiring - Leading with integrity to build inclusion and motivation
- Committed to creating purpose - Creating a sense of vision and purpose
- Agile - Achieving high-quality results through collaboration and Team unity
- Skilled at building diverse capability - Developing diverse capabilities for the future
- Persuasive / Influencing - Persuading and influencing stakeholders
- Collaborating - Partnering to build new solutions
- Delivering value - Showing commercial acumen
- Committed to expanding business - Leveraging new business opportunities
- Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization
- Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities
- Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s).
- Managing change - Responding to changing environment with resilience
- Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision
- Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems
- Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte
- Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviors and attitudes to become more inclusive.
How you’ll grow
Connect for impact
Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.
Empower to lead
You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.
Inclusion for all
At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.
Drive your career
At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.
Everyone’s welcome… entrust your happiness to us
Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you.
Interview tips
We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
*Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices.
At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.
In this regard, you may refer to a more detailed advisory given on our website at:
Vulnerability Assessment and Management Specialist
Posted today
Job Description
- Vulnerability Management Specialist (AWS & Wiz)
- AWS
- WIZ
Senior Vulnerability Assessment and Penetration Testing
Posted 2 days ago
Job Description
Responsibilities
- Client Engagement & Leadership
  - Act as a trusted security advisor for multiple high-value clients.
  - Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance.
  - Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
  - Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
  - Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable.
- Advanced Threat Modelling & Risk Assessment
  - Design and maintain threat models tailored to client applications, networks, and cloud environments.
  - Perform risk assessments focusing on business impact and likelihood of exploitation.
  - Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques.
  - Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs.
- Penetration Testing & Red Team Operations
  - Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments.
  - Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
  - Design and develop custom exploits and testing tools to replicate specific attacker techniques.
  - Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios.
  - Provide detailed post-exercise analysis, including actionable remediation strategies and long-term improvement plans.
- Comprehensive Reporting & Documentation
  - Produce clear and technically thorough vulnerability assessment and penetration testing reports.
  - Create executive-level summaries focused on business impact and compliance risks.
  - Maintain structured and up-to-date testing methodologies and playbooks.
  - Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
- Technical & Programming Expertise
  - Expert in vulnerability assessment and exploitation techniques across a wide range of technologies.
  - Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
  - Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows.
  - Capable of custom tool development and advanced exploit research to target unique client environments.
  - Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
  - In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes).
- Social Engineering & OSINT Expertise
  - Design and execute social engineering and phishing simulations tailored to client environments.
  - Perform physical security assessments through tactics like tailgating and badge cloning.
  - Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments.
  - Provide training and awareness recommendations based on assessment outcomes.
- Professional Attributes & Mindset
  - Strong analytical, problem-solving, and creative thinking skills.
  - Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods.
  - Methodical and detail-oriented approach to testing with the ability to think like an attacker.
  - Strong communication and presentation skills, able to engage both technical teams and business leadership.
  - Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth.
Qualifications
- 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting.
- Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing.
- Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
- Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies.
- In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
- Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security.
- Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools.
- Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
- Strong reporting and documentation skills, able to translate technical findings into business-friendly recommendations.
- Excellent communication and stakeholder management skills, able to lead client-facing engagements.
- Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN).
Preferred Qualifications:
- Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
- Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
- Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
- Prior consulting experience in a service delivery or customer-facing environment.
- Experience with threat intelligence platforms and indicators of compromise (IoCs).