Senior Security Consultant

Overview

Senior Security Consultant (VAPT Specialist) Company Overview

We are seeking a highly skilled and experienced Senior VAPT Specialist to join our cybersecurity team. This role is ideal for a security professional who excels in a client-facing environment and possesses in-depth expertise in both offensive and defensive security practices.

Position Summary

As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will work with diverse clients to identify vulnerabilities, assess security postures, and provide actionable recommendations to enhance their cybersecurity defenses but not limited to.

Key ResponsibilitiesClient Management & Communication

• Serve as the primary technical point of contact for assigned clients during security assessments
• Conduct client briefings, status updates, and final presentation meetings
• Translate complex technical findings into business-relevant insights for stakeholders
• Maintain professional relationships and ensure client satisfaction throughout project lifecycles
• Prepare and deliver comprehensive reports with clear remediation guidance

Security Testing & Assessment

• Perform comprehensive vulnerability assessments and penetration testing across multiple domains:
• Web Application Security Testing: Identify and exploit vulnerabilities in web applications, including but not limited to OWASP Top 10 vulnerabilities
• Mobile Application Security Testing: Assess the security of iOS and Android applications, including static and dynamic analysis
• API Security Testing: Evaluate REST, SOAP, and GraphQL APIs for security weaknesses
• Network Penetration Testing: Conduct internal and external network assessments, including wireless security testing
• Source Code Review: Perform manual and automated static code analysis to identify security flaws
• Cloud Security Configuration Review: Assess cloud infrastructure configurations across AWS, Azure, and GCP platforms

Threat Modeling & Risk Assessment

• Develop comprehensive threat models for client applications and infrastructure
• Conduct risk assessments and prioritize security findings based on business impact
• Design attack scenarios and security test cases based on threat intelligence
• Collaborate with development teams to integrate security into SDLC processes

Red Team Operations

• Plan and execute red team exercises to simulate real-world attack scenarios
• Develop custom tools and exploits for specific client environments
• Conduct social engineering assessments and physical security testing when required
• Provide post-exercise debriefings and improvement recommendations

Documentation & Reporting

• Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps
• Develop executive summaries tailored for C-level audiences
• Maintain accurate project documentation and testing methodologies
• Contribute to internal knowledge base and best practices documentation

Required QualificationsExperience & Background

• 3-5 years of hands-on experience in vulnerability assessment and penetration testing
• Proven track record of successful client engagements and project delivery
• Experience with enterprise-level security assessments across various industries
• Demonstrated ability to work independently and manage multiple projects simultaneously

Technical Expertise

• Deep understanding of security frameworks and standards:
• Penetration Testing Execution Standard (PTES)
• OWASP Top 10 and OWASP Testing Guide
• SANS Top 25 Most Dangerous Software Errors
• NIST Cybersecurity Framework
• CIS Critical Security Controls
• MITRE ATT&CK Framework

Development & Programming Experience

• Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended.
• Programming and Scripting Languages: Strong proficiency in Python and Bash as minimum requirements, with additional experience in PowerShell, and at least one compiled language (C/C++, Go, Java, or C#)
• Custom Tool Development: Ability to develop custom security tools, exploits, and automation scripts
• Security Tools Expertise: Expert-level proficiency with:
• Burp Suite Professional, OWASP ZAP
• Nmap, Nessus, OpenVAS
• Metasploit, Cobalt Strike
• Wireshark, tcpdump
• Static analysis tools (SonarQube, Checkmarx, Veracode)
• Custom exploit development tools

Social Engineering & Phishing Expertise

• Social Engineering Assessments: Design and execute social engineering campaigns to test human-factor security
• Phishing Simulations: Develop and conduct sophisticated phishing campaigns, including email, SMS, and voice-based attacks
• Physical Security Testing: Conduct on-site assessments including tailgating, badge cloning, and facility penetration
• Awareness Training: Provide security awareness training based on assessment findings
• OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation

Communication & Language Skills

• Excellent English communication skills (both written and spoken)
• Ability to communicate complex technical concepts to non-technical stakeholders
• Strong presentation and public speaking abilities
• Professional writing skills for technical documentation and reports

Professional Attributes

• Strong analytical and problem-solving abilities
• Attention to detail and a methodical approach to testing
• Ability to think like an attacker and anticipate security threats
• Commitment to ethical hacking principles and professional conduct
• Continuous learning mindset to stay current with emerging threats and technologies
• Research-Oriented Mindset: Conduct deep research activities to understand emerging vulnerabilities, attack vectors, and security trends
• Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies to enhance testing capabilities
• Creative thinking for developing novel attack scenarios and bypassing security controls

Preferred QualificationsCertifications (Added Advantage)

• OSCP - Highly Preferred
• GPEN
• CRTO
• CRT

Additional Experience (Added Advantage)

• Experience with DevSecOps practices and CI/CD pipeline security
• Background in software development or system administration
• Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001)
• Experience with threat intelligence platforms and indicators of compromise
• Familiarity with containerization security (Docker, Kubernetes)
• Previous consulting or client-facing experience

What We OfferProfessional Development

• Continuous learning opportunities and professional development
• Support for professional certifications and training
• Mentorship opportunities and knowledge-sharing sessions

Work Environment

• Collaborative and innovative team environment
• Flexible work arrangements and remote work options
• Opportunity to work with diverse clients across various industries
• Exposure to the latest cybersecurity trends and emerging technologies

Compensation & Benefits

• Competitive salary commensurate with experience
• Performance-based bonuses and incentives
• Professional development and certification reimbursement

Application Process

Qualified candidates should submit:

• Current resume highlighting relevant experience and certifications
• Cover letter demonstrating communication skills and explaining interest in the role
• Professional references from previous clients or employers

We are an equal-opportunity employer committed to diversity and inclusion in our workforce.

Job Type: Full-time

Benefits:

• Flexible schedule
• Health insurance
• Paid time off
• Provident Fund

Schedule:

• Monday to Friday

Work Location: In person