VAPT Engineer at Deloitte

Position: VAPT Engineer

Location: Mumbai

Responsibilities:

  • Conduct comprehensive penetration testing of systems, applications, and infrastructure, following established testing methodologies and best practices.
  • Perform black box, grey box, and white box web application penetration testing to identify vulnerabilities and potential security risks.
  • Conduct mobile application penetration testing to assess the security posture of mobile applications.
  • Perform API penetration testing to identify vulnerabilities and potential security risks associated with APIs.
  • Conduct infrastructure penetration testing to assess the security of network devices, servers, databases, and other infrastructure components.
  • Conduct secure code reviews to identify vulnerabilities and provide recommendations for improving code security.
  • Perform configuration reviews of various systems, including Windows, Linux, UNIX, Solaris, and databases, to identify security misconfigurations.
  • Demonstrate a good understanding of the OWASP Top Ten vulnerabilities and apply appropriate testing methodologies to identify and exploit them.
  • Stay updated with emerging threat patterns, compliance standards, and industry best practices related to penetration testing.
  • Utilize penetration testing tools and software frameworks such as Kali Linux, Acunetix, AppScan, Nexpose, QualysGuard, Nessus, Nmap, Metasploit, and Fortify.
  • Utilize scripting languages such as Shell, Python, and Perl for automating tasks and developing proof-of-concept exploits.
  • Collaborate with project teams and clients to understand their security requirements and provide remediation support.
  • Prepare comprehensive vulnerability assessment reports, including identified vulnerabilities, potential impact, and recommended remediation measures.
  • Conduct report walkthrough discussions and presentations to clients, explaining identified vulnerabilities and their potential impact.
  • Actively participate in the security community by attending technical sessions, participating in bug bounty programs, and sharing knowledge and insights.

Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • Minimum of 1-5 years of experience in penetration testing or a similar role.
  • Strong understanding of the penetration testing process, methodologies, and best practices.
  • Knowledge of the OWASP Top Ten vulnerabilities and the ability to apply appropriate testing techniques.
  • Familiarity with emerging threat patterns and compliance standards in the cybersecurity field.
  • Experience in black box, grey box, and white box web application penetration testing.
  • Experience in mobile application and API penetration testing.
  • Experience in infrastructure penetration testing, including network devices, servers, and databases.
  • Knowledge of secure code review techniques and ability to identify vulnerabilities in code.
  • Strong knowledge of TCP/IP, networks, firewalls, IDS/IPS, routers, switches, and network architecture.
  • Experience with vulnerability assessment and penetration testing tools such as Kali Linux, Acunetix, AppScan, Nexpose, QualysGuard, Nessus, Nmap, Metasploit, and Fortify.
  • Proficiency in scripting languages such as Shell, Python, and Perl for automating tasks and developing proof-of-concept exploits.
  • Preferred certifications: OSCP, CEH, GWAPT.
  • Excellent communication skills with the ability to present findings, discuss reports, and provide remediation support to clients.
  • Active participation in the security community, including technical sessions and bug bounty programs, is a plus.

Application Process: To apply for this position, please email your updated resume and a cover letter to shwedas@deloitte.com and mthakkar.ext@deloitte.com. In your cover letter, please highlight your relevant experience and qualifications in penetration testing. Only shortlisted candidates will be contacted for further evaluation.

Note: The job description provided above is a general overview and may include additional responsibilities that are not mentioned. The responsibilities and requirements of the role may be subject to change based on the needs of the company.

Vinayak Nale