Job Title: Vulnerability Assessment and Penetration Testing (VAPT) Specialist
Job Type: Full-time
Location: Chennai only
Key Responsibilities:
- Vulnerability Assessment:
  - Perform vulnerability scans and assessments using industry-standard tools and frameworks.
  - Analyze scan results to identify potential security risks, including configuration flaws, software vulnerabilities, and other potential weaknesses.
  - Prioritize vulnerabilities based on risk analysis and collaborate with other teams to remediate issues.
- Penetration Testing:
  - Conduct penetration tests (ethical hacking) on web applications, networks, and infrastructure to simulate real-world attacks and identify potential vulnerabilities.
  - Perform manual and automated testing techniques to assess the effectiveness of existing security measures.
  - Provide detailed technical analysis and reports on findings, including proof of concept for vulnerabilities and suggested mitigation strategies.
  - Collaborate with the development and IT teams to assist in identifying weaknesses and remediating them.
- Security Assessments:
  - Assist in conducting risk assessments and threat modeling to identify high-priority areas that require penetration testing.
  - Evaluate security controls and recommend improvements to enhance overall system security.
  - Keep track of the latest security vulnerabilities, exploit techniques, and penetration testing methodologies.
- Reporting & Documentation:
  - Document findings and deliver comprehensive vulnerability assessment and penetration testing reports to both technical and non-technical stakeholders.
  - Provide remediation guidance and work with relevant teams to develop strategies for patching vulnerabilities and improving security measures.
  - Maintain an up-to-date record of identified vulnerabilities and mitigation efforts.
Required Skills & Qualifications:
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent work experience).
- Proven experience in vulnerability assessments, penetration testing, or ethical hacking.
- Strong knowledge of penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus, Wireshark, etc.).
- Understanding of common web application vulnerabilities (e.g., SQL injection, cross-site scripting, etc.) and how to exploit and mitigate them.
- Experience with network security protocols and services (e.g., TCP/IP, DNS, HTTP, VPN, firewall configurations).
- Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell to assist in penetration testing.
- Strong understanding of security frameworks (e.g., OWASP, NIST, ISO 27001).
- Familiarity with compliance requirements such as GDPR, PCI-DSS, and HIPAA.
Preferred Qualifications:
- Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), or GIAC Penetration Tester (GPEN).
- Hands-on experience with web application, mobile application, API and network-based penetration testing.
- Familiarity with cloud platforms (e.g., AWS, Azure) and their security features.
- Experience with source code review or application security assessments.
Please send resumes to priyanga.govindharaj@aspiresys.com
Employment Type: Full Time, Permanent