VAPT Lead - CISSP Certified (6-8 yrs)

Job Description : VAPT Manager

Location : Mumbai, India

Experience Required : 6+ years

Work Mode : Onsite (Mumbai)

Position Summary :

- We are looking for an experienced Vulnerability Assessment and Penetration Testing (VAPT) Manager with 6+ years of hands-on experience in security testing.

- The ideal candidate should have a strong background in identifying, analyzing, and mitigating security vulnerabilities across networks, applications, and cloud environments.

- This role requires expertise in security assessments, team leadership, and client management.

Key Responsibilities :

- Lead and manage end-to-end VAPT engagements for applications, networks, cloud, and infrastructure security.

- Identify, exploit, and document security vulnerabilities with actionable remediation plans.

- Develop and execute penetration testing methodologies, frameworks, and strategies tailored to client requirements.

- Ensure compliance with industry security standards such as ISO 27001, NIST, PCI-DSS, GDPR, and OWASP best practices.

- Collaborate with internal and external stakeholders to communicate security risks, solutions, and recommendations.

- Conduct red teaming and threat simulation exercises to assess and improve an organization's security posture.

- Manage security tools and frameworks, including Burp Suite, Metasploit, Nmap, Nessus, Qualys, Wireshark, and Kali Linux.

- Work closely with development and IT teams to ensure secure coding practices and effective vulnerability remediation.

- Stay updated with the latest cybersecurity threats, vulnerabilities, and exploits to enhance security testing methodologies.

- Prepare detailed technical reports and executive summaries for management and regulatory compliance.

- Mentor and train junior security professionals within the team.

Qualifications & Skills :

Mandatory : (CEH, CISSP, OSCE, or GPEN is a plus).

- 6+ years of hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT).

- In-depth understanding of network security, application security, cloud security (AWS, Azure, GCP), and IoT security.

- Strong expertise in manual and automated penetration testing techniques.

- Proficiency in security tools such as Burp Suite, Metasploit, Nmap, Qualys, Nexpose, Tenable, AppScan, and Wireshark.

- Experience in scripting for security automation (Python, Bash, PowerShell, or Ruby).

- Strong understanding of MITRE ATT&CK framework, threat modeling, and red teaming concepts.

- Experience in secure coding practices and ability to review application code for security vulnerabilities.

- Knowledge of Indian regulatory and compliance frameworks related to cybersecurity.

- Excellent problem-solving, analytical, and communication skills for client engagement.