Job Details:
Experience: 5 Years
Work Location: Chennai
Work Mode: Hybrid
Roles and Responsibilities:
- 57 years of hands-on experience in VAPT, preferably in both application and infrastructure testing.
- Perform manual verification and risk assessment of identified vulnerabilities.
- Track and validate remediation efforts in collaboration with IT and application teams.
- Execute black-box, grey-box, and white-box penetration tests on web applications, APIs, internal systems, external networks, and mobile apps.
- Exploit vulnerabilities in controlled environments to assess real-world risks.
- Simulate advanced threat actor behaviours and pivot through environments for lateral movement analysis.
- Review application architecture and code (static/dynamic analysis) for security issues.
- Work with DevOps and engineering teams to ensure secure SDLC practices are followed.
- Conduct threat modelling and provide recommendations during design and development phases.
- Prepare detailed reports with evidence of vulnerabilities, risk ratings, exploit techniques, and remediation guidance.
- Present findings to both technical and non-technical stakeholders.
- Maintain documentation of test plans, procedures, and assessment tools.
- Solid knowledge of OWASP Top 10, SANS 25, and CVSS scoring.
- Burp Suite, Metasploit, Nmap, Wireshark, Nikto, Hydra, and SQLmap SAST/DAST platforms like Fortify or Veracode
- Proficiency in scripting (Python, Bash, or PowerShell) to build or extend tools.
- Strong understanding of TCP/IP, firewalls, IDS/IPS, and network protocols.
- Familiarity with cloud security (AWS, Azure, or GCP).
