Job Description
The Senior VAPT Expert manages the end-to-end security assessment lifecycle. This involves conducting broad-spectrum Discovery Scans. They perform deep-dive Infrastructure Penetration Testing. And execute comprehensive Application Penetration Testing. The role also includes high-intensity Red Team/Assume Breach simulations. Beyond identifying vulnerabilities, the expert drives their closure. This ensures mitigation of identified risks across systems. Focus areas include IT and Telecom Core environments (HLR/VLR/OSS/BSS).
How You Will Contribute And What You Will Learn
- Conduct continuous asset discovery, automated vulnerability scanning, false positive analysis, and manage remediation tracking with re-testing.
- Execute deep-dive manual infrastructure, web, and mobile application penetration tests, including segmentation testing.
- Plan and execute Assume Breach simulations, complex attack chains, and APT simulations using MITRE ATT&CK.
- Create custom C2 channels and bypass EDR, Antivirus, and WAF controls to demonstrate advanced adversary capabilities.
- Conduct specialized attacks against OSS/BSS, HLR, VLR, and MSC to identify risks to subscriber data and call routing.
- Monitor for Shadow IT, exposed digital assets, and leaked credentials through automated reconnaissance.
- Proactively monitor forums and paste-sites for leaked Telecom data (CDRs, MSISDNs, IMEIs) and specific threats.
- Deliver executive-level reports, PoCs, and remediation roadmaps, while evaluating Blue Team detection and reaction times.
Key Skills And Experience
Must-Have:
- 2+ years in Offensive Security/Red Teaming, specifically within Telecommunications or ISP environments.
- OSCP certification (minimum) and expert knowledge of the MITRE ATT&CK framework and NIST security standards.
- Proficiency in Kerberoasting, Pass-the-Hash, Golden Ticket, PowerShell/Bash scripting, and EDR bypass.
- Foundational knowledge of SS7, GTP, Diameter, Network Segmentation, Active Directory, and NOC/SOC workflows.
- Hands-on experience with Burp Suite, Cobalt Strike/Sliver, Metasploit, Nessus, and ASM platforms.
Nice-to-Have:
- Advanced Offensive Certifications of OSEP, OSWE, or CRTP (Certified Red Team Professional).
- Expertise in automated tools and manual deep-web search techniques for reconnaissance.
- Experience coordinating foundational telecom knowledge with quarterly telecom exercises.
About Us
Advancing connectivity to secure a brighter world.
Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we're advancing connectivity to secure a brighter world.
Learn more about life at Nokia .
Our recruitment process
We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.
If you're interested in this role but don't meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.
The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia .
About The Team
Some of our benefits:
- Flexible and hybrid working schemes
- A minimum of 90 days of Maternity and Paternity Leave, with the option to return to work within a year following the birth or adoption of a child (based on eligibility)
- Life insurance to all employees to provide peace of mind and financial security
- Well-being programs to support your mental and physical health
- Opportunities to join and receive support from Nokia Employee Resource Groups (NERGs)
- Employee Growth Solutions to support your personalized career & skills development
- Diverse pool of Coaches & Mentors to whom you have easy access
- A learning environment which promotes personal growth and professional development - for your role and beyond
