Senior VAPT Engineer – Cybersecurity

Senior VAPT Engineer – Cybersecurity & Risk ManagementPosition Overview

We are seeking a highly skilled Senior VAPT Engineer to join our cybersecurity team. This role involves leading advanced vulnerability assessments and penetration testing engagements to identify security risks across applications, networks, cloud, and infrastructure. The ideal candidate will act as a trusted security advisor, delivering highquality, actionable insights in a fastpaced, clientfacing environment.

Key ResponsibilitiesClient Engagement & Leadership

• Act as a trusted cybersecurity advisor for multiple highvalue clients
• Lead endtoend VAPT engagements: scoping, execution, reporting, and remediation guidance
• Conduct technical and executivelevel briefings on findings, risks, and recommendations
• Translate complex vulnerabilities into businesscentric risk insights
• Collaborate with client stakeholders to ensure practical remediation
  
  

Threat Modelling & Risk Assessment

• Design and maintain threat models for applications, networks, cloud, and infrastructure
• Perform risk assessments based on business impact and exploitability
• Develop attack scenarios using threat intelligence and realworld attacker techniques
• Advise clients on embedding security into SDLC and cloud architecture
  
  

Penetration Testing & Red Teaming

• Lead blackbox, greybox, and whitebox penetration tests (Web, API, Network, Cloud)
• Conduct advanced Red Team simulations
• Develop custom exploits, scripts, and testing tools
• Execute controlled social engineering exercises (phishing, physical security)
• Deliver postengagement analysis with remediation and longterm improvement plans
  
  

Reporting & Documentation

• Produce detailed and technically sound VAPT reports
• Prepare executive summaries focused on business and compliance risks
• Maintain assessment methodologies, playbooks, and internal documentation
• Contribute to internal knowledge repositories and tooling libraries
  
  

Technical & Programming Expertise

• Expert knowledge of vulnerability discovery and exploitation techniques
• Handson with tools: Burp Suite, Nessus, Qualys, Metasploit, Nmap, OpenVAS, Nikto, Cobalt Strike, Wireshark, tcpdump
• Strong scripting & automation skills: Python, Bash, PowerShell
• Deep understanding of OWASP Top 10, SANS Top 25, and attack surface analysis
• Strong experience with Cloud Security, IAM, Docker, Kubernetes
  
  

Social Engineering & OSINT

• Design and run phishing and social engineering simulations
• Conduct physical security testing (tailgating, badge cloning)
• Apply OSINT techniques for reconnaissance
• Provide security awareness and training recommendations
  
  

Professional Attributes

• Analytical, creative, and attackermindset driven
• Strong communication and presentation skills
• Passion for continuous research and innovation
• Detailoriented with a methodical testing approach
  
  

Required Qualifications

• 5+ years of handson experience in VAPT and security consulting
• Strong expertise in Application, Network, Cloud (AWS/Azure/GCP), and Infrastructure Security
• Advanced exploitation, postexploitation, and manual testing experience
• Proficiency in scripting and automation
• Familiarity with frameworks: NIST, ISO 27001, MITRE ATT&CK
• Excellent documentation and stakeholder management skills
  
  

Preferred Qualifications

• Certifications: OSCP, GPEN, CREST CRT, CRTO, CISSP, CEH
• Experience in DevSecOps & CI/CD security
• Knowledge of compliance standards: PCIDSS, GDPR, HIPAA, SOC2, ISO 27001
• Prior consulting or customerfacing experience
• Exposure to threat intelligence platforms & IoCs
  
  

Skills: vulnerability assessment,penetration testing,cybersecurity,vapt