Role Overview
We are seeking a Vulnerability Assessment and Penetration Testing (VAPT) Specialist to conduct security testing on web and mobile applications. This role is responsible for identifying security weaknesses, documenting findings, and supporting remediation efforts to strengthen application security posture.
The ideal candidate has hands-on experience performing structured security assessments aligned with recognized industry frameworks and can clearly communicate technical findings to both technical and non-technical stakeholders.
Key Responsibilities
- Perform vulnerability assessments and penetration testing on web and mobile applications.
- Execute testing activities in alignment with established security testing frameworks (e.g., OWASP Top 10).
- Prepare comprehensive assessment reports outlining identified vulnerabilities, risk ratings, and remediation recommendations.
- Customize reporting formats when required by internal stakeholders.
- Provide advisory support and technical guidance to development and remediation teams.
- Facilitate meetings or consultation sessions to ensure timely completion of testing activities and remediation follow-ups.
- Independently manage assigned tasks, schedules, and security testing tickets.
- Submit regular progress updates to immediate supervisors.
- Maintain strict confidentiality of sensitive information and assessment results at all times.
Qualifications
Education
Bachelor's degree in Information Technology or any related four-year course.
Experience
- Minimum of 3 years of hands-on experience conducting web and mobile application VAPT engagements.
- Demonstrated experience applying the OWASP Top 10 framework during security testing.
- Technical Skills
- Practical experience using both open-source and commercial security testing tools, such as Kali Linux, Metasploit, Qualys, Nessus, Burp Suite, OWASP ZAP, and similar platforms.
- Working knowledge of web and mobile application development concepts.
- Strong report-writing skills, with the ability to present technical findings in a clear and understandable manner for diverse audiences.
- Certifications (Preferred but Not Required): Relevant cybersecurity certifications such as CEH, CISSP, or equivalent.
