Job Description
We are seeking a skilled VAPT Engineer with hands-on experience in penetration testing of web applications,
APIs, and mobile platforms (Android & iOS). The candidate must also possess knowledge of defensive
security practices, including SIEM, cloud security, and risk assessment.
Key Responsibilities
• Plan and execute penetration tests on web applications, APIs, Android, and iOS applications
• Conduct vulnerability assessments across network and application layers
• Identify and exploit security weaknesses using manual and automated techniques
• Produce detailed reports with findings, risk ratings, and remediation recommendations
• Perform re-testing to validate that identified vulnerabilities have been remediated
• Monitor and manage SIEM platforms (Wazuh) for threat detection and alerting
• Conduct AWS cloud security reviews including IAM, S3, EC2, VPC, and CloudTrail
• Participate in risk assessments, security audits, and compliance activities
• Collaborate with development and DevOps teams to integrate security into the SDLC
• Stay updated on emerging threats, CVEs, and evolving attack techniques
Requirements
Penetration Testing:
• Minimum 2–3 years of hands-on penetration testing experience
• Web application testing: OWASP Top 10, Burp Suite Pro, OWASP ZAP, SQLmap, Nikto
• API security testing: REST, GraphQL, SOAP — tools include Postman, Burp Suite, ffuf
• Mobile testing (Android & iOS): MobSF, Frida, Objection, apktool, jadx, ADB, iProxy
• Network and infrastructure: Nmap, Metasploit, Nessus, Wireshark, Netcat
• Scripting in Python, Bash, or PowerShell for automation and custom tooling
• Strong knowledge of TCP/IP, Linux, Windows, and common attack frameworks
Defensive Security:
• SIEM – Wazuh: deployment, configuration, rule creation, alert tuning, and log analysis
• AWS Cloud Security: IAM, GuardDuty, Security Hub, CloudTrail, and CIS Benchmarks
• Risk assessment using NIST, ISO 27001, or CVSS scoring frameworks
• Familiarity with MITRE ATT&CK framework and incident response procedures
• Awareness of compliance standards: PCI-DSS, GDPR, or ISO 27001
Certifications (Good to Have)
• OSCP – Offensive Security Certified Professional (highly preferred)
• CEH – Certified Ethical Hacker (EC-Council)
• GPEN / GWAPT – GIAC Penetration Tester / Web Application Penetration Tester
• eWPT / eJPT – eLearnSecurity Penetration Testing certifications
• AWS Certified Security – Specialty
• CompTIA Security+
Soft Skills
• Strong analytical mindset with the ability to think like an attacker
• Excellent written and verbal communication for reporting and stakeholder briefings
• Ability to manage multiple engagements independently and meet deadlines
• High level of integrity, confidentiality, and professional ethics
• Collaborative team player who works effectively with development, IT, and management
Education
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Equivalent professional certifications or experience will be considered
Benefits