VAPT- Vulnerability Management & Penetration Testing

Role & responsibilities

We are seeking a motivated and skilled Vulnerability Management and Penetration Testing Specialist with 3-4 years of experience in cybersecurity. The ideal candidate will play a crucial role in identifying and mitigating security vulnerabilities, performing penetration testing, and contributing to the overall security posture of our organization and our customers. The individual will collaborate closely with the cybersecurity and IT teams to strengthen the defence mechanisms and help protect sensitive data and systems from evolving cyber threats.

Key Responsibilities:

• Conduct regular vulnerability assessments using automated tools (e.g., Nessus, Qualys, OpenVAS) to identify security gaps within the organization's network, systems, and applications.
• Manage and track vulnerabilities identified across various systems, ensuring that remediation efforts are timely and effective.
• Work with different teams to assess and prioritize vulnerabilities based on risk, impact, and business context.
• Perform risk assessments and provide remediation recommendations to mitigate security risks.
• Create and maintain vulnerability management reports and dashboards for internal stakeholders.
• Plan, execute, and document penetration testing engagements on internal and external networks, web applications, and other infrastructure components.
• Perform manual, automated and autonomous penetration testing using industry-leading tools and techniques (e.g., Burp Suite, Horizon3AI NodeZero, Kali Linux) to discover weaknesses and exploit vulnerabilities.
• Provide detailed reports outlining the findings of penetration tests, including risk assessment, exploitability, and remediation advice.
• Collaborate with development and operations teams to fix identified vulnerabilities and validate that fixes are effective.
• Contribute to the development and maintenance of security best practices, policies, and procedures.

Required Experience and Skills:

• 3-4 years of experience in vulnerability management, penetration testing, or a related cybersecurity field.
• Hands-on experience with vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS, Nexpose) and reporting.
• Proficiency in conducting penetration tests across various technologies, including web applications, networks, and systems.
• Familiarity with penetration testing frameworks and methodologies (OWASP, PTES, NIST, etc.).
• Good to have experience with scripting or automation tools (Python, Bash, PowerShell, etc.) for security testing.
• Strong understanding of common web vulnerabilities (e.g., SQL injection, XSS, CSRF) and network security flaws (e.g., buffer overflows, privilege escalation).
• Knowledge of security standards and frameworks (e.g., CIS, NIST, ISO 27001, PCI-DSS).
• Ability to write clear, concise, and comprehensive security reports and communicate findings to technical and non-technical stakeholders.

Preferred Qualifications:

• Certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), or other relevant cybersecurity credentials.
• Experience with cloud security and associated vulnerability management tools for AWS, Azure, or GCP environments.
• Familiarity with security information and event management (SIEM) tools, incident response, and threat intelligence.