SalaryPeak

Penetration Tester - VAPT

GRAVITAS RECRUITMENT GROUP (SG) PTE. LTD.
Singapore | 3+ years | Posted Mar 6, 2026

Salary Range

SGD 60,000 - SGD 132,000/year

SGD 5,000 - SGD 11,000/month

Skills Required

Technical Sales Presentations, Script Analysis, PHP, CVS, Working With Clients, Source Code Reviews, JavaScript, Cybersecurity Framework Application, Bash, Security Assessment and Testing, Infrastructure, Nessus, Burp Suite, CISSP

Job Description

Responsibilities:

  • We are looking for a motivated and technically skilled Penetration Tester with strong experience in conducting end-to-end Vulnerability Assessments and Penetration Testing (VAPT) across multiple environments.
  • The ideal candidate will possess solid technical expertise, strong reporting and scripting capabilities, and the ability to work closely with clients during both pre-sales discussions and project delivery.
  • This role offers an excellent opportunity for professionals looking to advance their career within a CREST-aligned security consulting environment, delivering high-impact cybersecurity services to critical industries.

Penetration Testing & Security Assessments

  • Plan, execute, and document penetration tests across web applications, mobile applications, APIs, infrastructure, cloud platforms, and internal/external networks (Black-box, Grey-box, and White-box testing).
  • Conduct source code reviews to identify insecure coding practices, logic flaws, and potential vulnerabilities.
  • Develop custom proof-of-concept (POC) scripts and exploits using languages such as Python, PHP, JavaScript, and HTML.
  • Utilize industry-standard security tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, and WebInspect, alongside manual testing techniques.
  • Perform security assessments aligned with recognized frameworks such as OWASP, NIST, CREST, and MITRE ATT&CK.

Reporting & Documentation

  • Produce detailed technical and executive-level reports, including risk assessments and remediation recommendations.
  • Develop and maintain standardized testing methodologies, documentation, and reporting templates.
  • Conduct peer reviews of security assessments and reports to ensure technical accuracy, clarity, and quality.

Client Engagement & Pre-Sales Support

  • Assist with pre-sales activities, including technical scoping, requirements analysis, and proposal preparation.
  • Participate in client meetings to present findings, explain security risks, and recommend mitigation strategies.
  • Build and maintain strong client relationships to ensure project success and long-term engagement.

Team Collaboration & Development

  • Mentor and support junior security testers or interns, promoting knowledge sharing and professional development.
  • Collaborate with internal teams to enhance testing methodologies, internal tools, and knowledge repositories.
  • Stay informed about emerging vulnerabilities, threat trends, and security technologies.

Requirements:

  • Minimum 4 years of hands-on penetration testing experience
  • CREST CPSA and CRT certifications preferred
  • Additional certifications such as OSCP, OSWP, HTB, CBBH, or CISSP are advantageous
  • Red Team experience is a plus
  • Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices
  • Proficiency in scripting and automation using Python, PowerShell, or Bash
  • Experience using both automated security tools and manual testing techniques
  • Excellent written and verbal communication skills, particularly for technical reporting and client presentations
  • Ability to manage multiple projects and deadlines in a fast-paced consulting environment
  • Experience with cloud security testing in environments such as AWS, Azure, or GCP
  • Understanding of DevSecOps practices and integration of security within CI/CD pipelines
  • Familiarity with Red Teaming, adversary emulation, or Purple Team operations
  • Participation in bug bounty programs or Capture-the-Flag (CTF) competitions

Application:

  • Apply to this job posting, and email your CV with the job title as the subject line to: [email protected]