Security Consultant - VAPT (Vulnerability Assessment & Penetration Testing)

Job Description

ProArch is a global IT consulting firm providing Security, Data, Application Dev, and Cloud services. Offices are located in the US, UK and India.

ProArch is seeking a highly skilled, seasoned, and motivated Penetration Tester to join our cybersecurity team. The ideal candidate will have a passion for identifying vulnerabilities, exploiting weaknesses, and helping organizations enhance their security posture. As a Security Consultant – VAPT at ProArch, you will play a crucial role in assessing the security of our clients' networks, applications, and systems. This position reports to the Director of Global Cybersecurity Services and will work collaboratively with other delivery managers, Solution Architects, and the CTO Office. Communication skills are essential as this position will be the technical contact point for team members and an escalation point for client relationships.

JOB RESPONSIBILITIES

Conduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications.

Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means.

Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders.

Develop and execute detailed test plans and methodologies for conducting penetration tests.

Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities.

Manage project timelines, deadlines, and expectations – including client interaction.

Stay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security.

Assist in the development and improvement of security policies, procedures, and guidelines.

Mentor and provide guidance to junior members of the penetration testing team.

Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization. Having proficient knowledge in MITRE ATT&CK framework.

Maintain accurate and detailed documentation of testing activities, findings, and recommendations.

Prepare reports documenting identified issues based on internal templates.

Interact with clients to deliver results, provide feedback, and remediation recommendations on findings.

Research emerging security topics and new attack vectors

Perform and review the hardening of the systems and network devices.

Manage project timelines, deadlines, and expectations – including client interactions.

Requirements

TECHNICAL SKILLS

• Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE).
• Experience creating/developing programs from scratch.
• Experience drafting policies, Standards, and procedures.
• Penetration Testing in 3 or more of the following:
• Web Applications
• Network (Internal / External)
• Active Directory
• Mobile Applications
• Cloud Environments
• Phishing
• Tools / Services:
• NMAP
• BurpSuite
• CrackMapExec
• BloodHound
• Ansible
• Terraform
• Git
• Microsoft Azure
• Amazon Web Services
• Google Cloud Provider

REQUIREMENTS

§ At least 5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructure.

§ Must be proficient in python development. Proficiency in other scripting languages such as perl, ruby, etc. is an added advantage.

§ In-depth knowledge of various penetration testing tools and frameworks (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.).

§ Strong understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation techniques.

§ Ability to correlate different threats like Ransomware, APT groups, Malware, Exploit Kits, etc.

§ Familiarity with industry standards and frameworks such as OWASP, OSSTMM, and NIST.

§ Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and related security controls.

§ Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilities.

§ Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholders.

§ Development knowledge of common programming languages like java, asp .net, PHP, etc. would be an added advantage.

§ Excellent oral and written communication skills.

EDUCATION AND CERTIFICATION

Bachelor’s degree in computer science/Engineering/IT or significant demonstrable experience in IT/OT security.

Must have leading Penetration Testing/Red Team Certifications such as CompTIA PenTest+, GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Certified Red Team Operations Professional (CRTOP), EC-Council’s Certified Penetration Testing Professional (C|PENT) or other Penetration Testing certifications.