Penetration Tester

Overview

We are currently seeking skilled professionals for the role of Vulnerability Assessment and Penetration Testing (VAPT) Specialist. The ideal candidate should have 3 to 9 years of relevant experience in performing end-to-end VAPT across networks, systems, and web applications.

Key ResponsibilitiesA. VAPT Activities

The VAPT should be comprehensive and include, but not be limited to:

• Network Scanning and Port Scanning
• System Identification and Trusted System Scanning
• Vulnerability and Malware Scanning
• Spoofing and Application Security Testing
• Access Control Mapping
• Denial of Service (DoS) Attack Simulation
• Password Cracking Techniques
• Cookie Security Assessment
• Functional Validation of Controls
• DMZ Architecture Review
• Firewall Rule Analysis
• Operating System Security Configuration Review
• Database Security Configuration Analysis
• Identification and Analysis of Complex Cyber-Attacks

B. Website / Web Application Assessment

Assessments should be performed as per the latest OWASP Guidelines and should cover:

• SQL Injection, CRLF Injection
• Cross Site Request Forgery (CSRF)
• Directory Traversal Vulnerabilities
• Authentication Exploits and Man-in-the-Middle Attacks
• Unvalidated Redirects and Forwards
• Password Strength Assessment
• JavaScript Security Scanning
• File Inclusion and Malicious File Execution
• Exploitable Vulnerabilities in Custom Code
• Web Server Security Assessment
• HTTP Injection
• Website Phishing Techniques
• Buffer Overflow Detection
• Input Validation Testing
• Insecure Storage and Social Engineering Attacks

Standards & Methodologies

• Follow industry best practices and OWASP methodology
• Identify top application vulnerabilities such as:
• Injection Flaws
• Broken Authentication
• Sensitive Data Exposure
• Cross-Site Scripting (XSS)
• Broken Access Control
• XML External Entities (XXE)
• Security Misconfiguration
• Insecure Deserialization
• Usage of Vulnerable Components
• Insufficient Logging & Monitoring
• Business Logic Vulnerabilities
• Provide detailed reports including:
• Risk Ratings and Remediation Plans
• Recommendations for Mitigation and Security Enhancements

Eligibility Criteria

• Experience: 3 to 9 years in VAPT, Cybersecurity, or related domains
• Education: Bachelor’s degree in Computer Science, Information Security, or related fields. Relevant certifications are a plus
• Certifications Preferred:
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional) preferred
• CISA / CISM / CISSP preferred
• CompTIA Security+, GIAC, or similar

Required Tools & Technologies

Candidates must be proficient in the use of security tools such as:

• Burp Suite
• Nessus / OpenVAS
• Metasploit Framework
• Nmap, Wireshark
• Nikto, Acunetix
• OWASP ZAP
• Kali Linux or Parrot OS
• Custom Scripting (Python, Bash, etc.)

Job Types: Full-time, Permanent, Fresher

Pay: ₹600,000.00 - ₹1,500,000.00 per year

Benefits:

• Food provided
• Health insurance
• Leave encashment
• Paid sick time
• Paid time off
• Provident Fund
• Work from home

Schedule:

• Day shift
• Fixed shift
• Monday to Friday

Supplemental Pay:

• Performance bonus
• Yearly bonus

Work Location: In person