Position: VAPT Engineer
Location: Mumbai
Responsibilities:
- Conduct comprehensive penetration testing of systems, applications, and infrastructure, following established testing methodologies and best practices.
- Perform black box, grey box, and white box web application penetration testing to identify vulnerabilities and potential security risks.
- Conduct mobile application penetration testing to assess the security posture of mobile applications.
- Perform API penetration testing to identify vulnerabilities and potential security risks associated with APIs.
- Conduct infrastructure penetration testing to assess the security of network devices, servers, databases, and other infrastructure components.
- Conduct secure code reviews to identify vulnerabilities and provide recommendations for improving code security.
- Perform configuration reviews of various systems, including Windows, Linux, UNIX, Solaris, and databases, to identify security misconfigurations.
- Demonstrate a good understanding of the OWASP Top Ten vulnerabilities and apply appropriate testing methodologies to identify and exploit them.
- Stay updated with emerging threat patterns, compliance standards, and industry best practices related to penetration testing.
- Utilize penetration testing tools and software frameworks such as Kali Linux, Acunetix, AppScan, Nexpose, QualysGuard, Nessus, Nmap, Metasploit, and Fortify.
- Utilize scripting languages like Shell, Python, Perl, etc., for automating tasks and developing proof-of-concept exploits.
- Collaborate with project teams and clients to understand their security requirements and provide remediation support.
- Prepare comprehensive vulnerability assessment reports, including identified vulnerabilities, potential impact, and recommended remediation measures.
- Conduct report walkthrough discussions and presentations to clients, explaining identified vulnerabilities and their potential impact.
- Actively participate in the security community by attending technical sessions, participating in bug bounty programs, and sharing knowledge and insights.
Requirements:
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Minimum of 1-5 years of experience in penetration testing or a similar role.
- Strong understanding of the penetration testing process, methodologies, and best practices.
- Knowledge of the OWASP Top Ten vulnerabilities and the ability to apply appropriate testing techniques.
- Familiarity with emerging threat patterns and compliance standards in the cybersecurity field.
- Experience in black box, grey box, and white box web application penetration testing.
- Experience in mobile application and API penetration testing.
- Experience in infrastructure penetration testing, including network devices, servers, and databases.
- Knowledge of secure code review techniques and ability to identify vulnerabilities in code.
- Strong knowledge of TCP/IP, networks, firewalls, IDS/IPS, routers, switches, and network architecture.
- Experience with vulnerability assessment and penetration testing tools such as Kali Linux, Acunetix, AppScan, Nexpose, QualysGuard, Nessus, Nmap, Metasploit, and Fortify.
- Proficiency in scripting languages like Shell, Python, Perl, etc., for automating tasks and developing proof-of-concept exploits.
- Preferred certifications: OSCP, CEH, GWAPT.
- Excellent communication skills with the ability to present findings, discuss reports, and provide remediation support to clients.
- Active participation in the security community, including technical sessions and bug bounty programs, is a plus.
Application Process: To apply for this position, please email your updated resume and a cover letter to shwedas@deloitte.com and mthakkar.ext@deloitte.com. In your cover letter, please highlight your relevant experience and qualifications in penetration testing. Only shortlisted candidates will be contacted for further evaluation.
Note: The job description provided above is a general overview and may include additional responsibilities that are not mentioned. The responsibilities and requirements of the role may be subject to change based on the needs of the company.