4,612 Vulnerability Assessment jobs in India

Job Title: Vulnerability Assessment & Penetration Testing (VAPT)

Key Responsibilities

• Conduct Vulnerability Assessment and Penetration Testing (VAPT) on web applications, APIs, mobile applications, internal networks, external networks, and cloud environments.
• Perform manual penetration testing following industry frameworks such as OWASP, NIST, PTES, and SANS.
• Identify and exploit security vulnerabilities, misconfigurations, and insecure coding practices.
• Prepare detailed technical VAPT reports with risk ratings, impact analysis, and remediation recommendations.
• Collaborate with developers, IT teams, and stakeholders to validate and retest resolved vulnerabilities.
• Stay updated with emerging security threats, exploit techniques, and vulnerability disclosures.
• Participate in red team and security assessment exercises as required.

Qualifications

• Bachelors degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Proven experience in conducting VAPT for applications, networks, and cloud environments.
• Strong understanding of security frameworks and testing methodologies.
• Familiarity with tools such as Burp Suite, Nmap, Metasploit, OWASP ZAP, Nessus, etc.

Certifications (Preferred)

• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)
• eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme)
• eCPPT (eLearnSecurity Certified Professional Penetration Tester)

Key Skills

• Web application security testing
• API security testing
• Mobile application security
• Network security testing (internal & external)
• Risk analysis and reporting
• Communication and documentation skills

Key Skills for a Penetration Tester (Pen Tester)

Penetration testers, often called ethical hackers, simulate cyberattacks to find and exploit vulnerabilities in systems, networks, applications, and processes. Below, I have outlined essential skills grouped by the focus areas in your query: ethical hacking, vulnerability assessment, network security, and DevSecOps. These are drawn from industry guides, job descriptions, and certification paths, emphasizing both technical and soft skills. Skills are prioritized based on commonality across sources, with top and underrated ones highlighted.

Ethical Hacking Skills

These involve thinking like an attacker to evaluate defences ethically, including reconnaissance, scanning, exploitation, and reporting.

• Ability in ethical hacking methodologies : Master the five phases (reconnaissance, scanning, vulnerability assessment, exploitation, reporting) and tools like Metasploit, Burp Suite, and OWASP ZAP.
• Social engineering tactics : Simulate phishing, pretexting, and baiting to evaluate human vulnerabilities.
• Exploit development and reverse engineering : Write custom exploits and analyse software to uncover hidden weaknesses.
• Underrated: Creativity and persistence : Innovate attack vectors and persist through failures to mimic real threats.

Vulnerability Assessment Skills

Focus on finding, prioritizing, and mitigating weaknesses before exploitation.

• Vulnerability scanning and analysis : Use tools like Nessus, Qualys, and Nmap to detect and evaluate risks in systems and apps.
• OWASP Top 10 knowledge : Find common web app flaws like injection attacks and broken authentication.
• Root cause analysis : Trace issues to technical or process gaps and recommend remediations.
• Advanced threat modelling : Assess sophisticated risks like zero-days and supply chain attacks.

Network Security Skills

Emphasize securing and testing wired/wireless infrastructures against unauthorized access.

• Network protocol ability : Deep knowledge of TCP/IP, HTTP, DNS, and evasion techniques for firewalls/IDS.
• Wireless and wired testing : Use tools like Aircrack-ng and Wireshark to probe for gaps in Wi-Fi and LAN setups.
• OS exploitation : Target Windows, Linux, and macOS vulnerabilities in network environments.
• Underrated: Scripting for automation : Python, Bash, or PowerShell to streamline network scans and exploits.

DevSecOps Skills

Integrate security into CI/CD pipelines, ensuring "shift-left" testing in agile environments.

• CI/CD pipeline integration : Embed pen testing into automated workflows using tools like Jenkins or GitLab for continuous vulnerability checks.
• Cloud security : Assess AWS, Azure, or GCP misconfigurations and IaC vulnerabilities (e.G., Terraform scans).
• Threat modelling and risk assessment : Embed security reviews in development cycles, including SAST/DAST tools.
• Underrated: Collaboration with devs : Forceful communication to provide actionable feedback without slowing releases.

Top Certifications

• CEH, OSCP, C|PENT (Ethical hacking)
• GIAC GPEN, CompTIA PenTest+ (Vulnerability Assessment)
• C|ND, CISSP (Network Security)
• D|SE, AWS Certified Security( DevSecOps)

Life on the team

A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.

What you’ll do

Core Responsibilities:

• Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
• Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
• Red/Purple/Blue Teaming: participate in exercises with the goal of increasing cyber resilience for both offensive and defensive.
• Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
• Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
• Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
• Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
• Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
• Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
• Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.

Critical Success Factors:

• Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
• Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
• Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
• Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
• Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
• Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
• Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible

What you’ll need

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 10+ Years of experience
• OSCP, PNPT or equivalent certification
• At least three years’ experience working full-time as a penetration tester on the following areas as a minimum:
• Infrastructure
• Active Directory networks
• Web Application penetration testing
• Cloud security (Entra ID/Azure)
• (optional) IoT
• (optional) mobile
• (optional) physical security / social engineering
• Ability to develop custom tools, or adapt existing tooling for the task at hand
• (optional) public blogs, research or talks
• (optional) demonstrable experience contributing to open-source tools

Skills and Competencies

• Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
• Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
• Exceptional leadership, communication, and stakeholder management skills.
• Participation and leading projects
• Full understanding of NIST 2 Domains and sub domains for SOC Operations
• CRTO, OSCE, OSEP, PEN-300, GXPN or equivalent certification (note: reasonable exceptions will be considered, e.G. years of experience, contribution to the field, etc.)
• At least five years' experience
• Coding experience
• Experience in training others, or managing teams

Job description

As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices.

Key Responsibilities:

• Perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients' IT infrastructure, applications, and networks.
• Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP.
• Identify and exploit security vulnerabilities to assess the potential impact on clients' systems and data.
• Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures.
• Collaborate with clients' IT teams to prioritize and address identified security issues in a timely manner.
• Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks.
• Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies.
• Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team.

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing.
• Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP.
• Hands-on experience with various operating systems, including Windows, Linux, and Unix.
• Strong understanding of network protocols, web application architecture, and common security vulnerabilities.
• Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred.
• Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively.
• Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders.
• Proven track record of delivering high-quality security assessments and actionable recommendations

We are hiring VAPT Engineer ( L2 ) for Mumbai/Hyderabad Location.

Experience: 4+ Years

Location: Mumbai/Hyderabad

Work Mode: WFO

JD:

• Perform Penetration testing (vulnerability Scans and manual assessments) on a regular basis and to provide remediation to the findings.
• Accurately identify and perform real-time analysis and eradication of false positives from the tool generated reports
• Tests the effectiveness of the implemented fixes on applications
• Creating detailed Vulnerability reports and effective communications to the concerned team
• Communicate security risks in applications and remediation guides to the development teams effectively
• Keep track of new vulnerabilities on various aspects
• Act as a security expert in application development efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices

Mandatory Tool Experience:

• Qualys Guard (VA)
• HP Fortify (Source Code Review)

TRO – Vulnerability Assessment ~ Analyst (L2)

**Job Summary: ** We are looking for a dedicated and proactive Vulnerability Assessment Analyst I to join our cybersecurity team. In this role, you will be instrumental in identifying and assessing vulnerabilities across our IT infrastructure. Additionally, you will leverage basic coding skills to develop automation solutions that enhances overall workflow efficiency of vulnerability management processes.

**Key Responsibilities: ** - Conduct initial vulnerability scans and assessments on a range of systems, networks, and applications using industry-standard vulnerability assessment tools (e.g., Tenable, Nessus. Qualys) -

• Analyze vulnerability scans results to validate findings, identifying false positives, and aid in prioritizing vulnerabilities based on severity, potential impact, and risk to the organization, supporting effective remediation efforts. -
• Design and implement automation scripts to streamline key processes, including report generation, threat intelligence data ingestion, vulnerability data enrichment and triage. -
• Collaborate with senior team members to triage, document, and communicate vulnerabilities to the relevant stakeholders. -
• Support in the development and maintenance of standard operating procedures (SOPs) for vulnerability scanning and reporting processes. -
• Assist in creation of reports and dashboards to deliver insights into the organization's security posture, highlighting vulnerability trends and risk levels. -
• Communicate with cross-functional teams to coordinate and drive remediation efforts, ensuring timely resolution of vulnerabilities. -
• Stay up to date with the latest cybersecurity threats, trends, and emerging technologies in vulnerability management.

**Requirements: ** -

• Bachelor's degree in computer science, Cybersecurity, or related field (or equivalent experience). -
• Fundamental understanding of networking concepts and operating systems, including Windows and Linux, as well as familiarity with network devices, such as switches, routers, and firewalls. -
• Experience with vulnerability assessment tools (e.g., Tenable, Nessus, Qualys). - Familiarity with cybersecurity frameworks (e.g., NIST, CIS, ISO/IEC
• Basic programming/scripting skills (e.g., Python, PowerShell, Bash) to support automation tasks. -
• Strong analytical and problem-solving skills. -
• Ability to work both independently and collaboratively in a team-oriented environment. -
• Excellent written and verbal communication skills.

**Preferred Qualifications: **

• Relevant certifications such as CompTIA Security+, CEH (Certified Ethical Hacker), or equivalent is a plus.
• Hands-on experience in scripting and automation for cybersecurity tasks

Job Types: Full-time, Permanent

Pay: ₹1,200, ₹2,800,000.00 per year

Benefits:

• Health insurance

Application Question(s):

• What is your current CTC and expected CTC?

Experience:

• total work: 6 years (Required)

Location:

• Hyderabad, Telangana (Required)

Work Location: In person

Strong expertise in OWASP Top 10, NIST, and ISO 27001 frameworks.

Advanced knowledge of scripting languages (e.g., Python, Bash, PowerShell) for automation and tool development, with cloud security for platforms such as AWS, Azure, or Google Cloud.

Greetings from TCS!

We are currently planning to do a Walk-In Interview on 11-Oct-2025 (Saturday) at Chennai/Bangalore/Hyderabad.

Role **: VAPT Senior Analyst

Desired Skill Set :VAPT (Tenable, Defender, Sentinel One), Service Now VR, Bug Crowd

Experience Range : 4+ years

Joining Location : PAN India

Date - 11-Oct-2025 (Saturday)

In-Person Drive Location details.

1. Hyderabad KP Venue - TATA Consultancy Services - Kohinoor Park, Plot No 1, Hitech City Rd, Cyberabad, Land Mark Residency, Jubilee Gardens, Hyderabad, Telangana
2. Chennai SNR Venue - Tata Consultancy Services Ltd, Sholinganallur Office Kumaran Nagar, 415/21-24, TNHB Main Rd, Chennai – .
3. Bangalore PSN Venue : No:1, Crescent 3 Prestige Shantiniketan, Sadaramanagala South Taluk, Bengaluru, 3,, Thigalarapalya,, 3, ITPL Main Road, Maruthi Nagar, Krishnarajapuram, Bengaluru, Karnataka

Must-Have: VAPT (Nessus, Tenable, Defender, Sentinel One), Service Now VR, Bug Crowd

Good-to-Have: Burp Suite, Service Now VR, Vulnerability Management other vendor tools

Responsibility of / Expectations from the Role :

• Expertise and experience of conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST, CISA
• Experience in Web Application Security Testing, Network security testing, Source code Review and Vulnerability Assessment and Penetration testing (SAST and DAST)
• Strong Experience of using open- source tools and commercials tools such as but not limited to Burp Suite, Metasploit, Nessus, Acunetix and open source with operating systems Windows and Linux.
• Perform research on new vulnerabilities, attack vectors, exploits, tools and industry trends for the above- mentioned services.
• CEH Certification Mandatory.
• Candidates with CISM, OSCP are preferred.
• Strong presentation and analytic skills, critical thinking and problem-solving skills are mandatory

performing network security assessments and vulnerability assessments.

TCP/IP, OSI model, and networking principles.

OWASP Top 10 and web application security audits.

Manual penetration testing skills and techniques beyond automated tools.

Required Candidate profile

Experience in secure coding practices and DevSecOps methodologies, publicly available exploit code and repositories.

Knowledge of compliance standards like ISO 27001, PCI DSS, and NIST.