Security Consultant - VAPT (Vulnerability Assessment & Penetration Testing)

Bengaluru, Karnataka, India

Applications have closed


At ProArch, we help our clients accelerate growth and mitigate risk with IT services, cybersecurity services, application development, cloud computing, and data analytics.

View company page

Job Description

ProArch is a global IT consulting firm providing Security, Data, Application Dev, and Cloud services. Offices are located in the US, UK and India.

ProArch is seeking a highly skilled, seasoned, and motivated Penetration Tester to join our cybersecurity team. The ideal candidate will have a passion for identifying vulnerabilities, exploiting weaknesses, and helping organizations enhance their security posture. As a Security Consultant – VAPT at ProArch, you will play a crucial role in assessing the security of our clients' networks, applications, and systems. This position reports to the Director of Global Cybersecurity Services and will work collaboratively with other delivery managers, Solution Architects, and the CTO Office. Communication skills are essential as this position will be the technical contact point for team members and an escalation point for client relationships.


Conduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications.

Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means.

Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders.

Develop and execute detailed test plans and methodologies for conducting penetration tests.

Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities.

Manage project timelines, deadlines, and expectations – including client interaction.

Stay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security.

Assist in the development and improvement of security policies, procedures, and guidelines.

Mentor and provide guidance to junior members of the penetration testing team.

Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization. Having proficient knowledge in MITRE ATT&CK framework.

Maintain accurate and detailed documentation of testing activities, findings, and recommendations.

Prepare reports documenting identified issues based on internal templates.

Interact with clients to deliver results, provide feedback, and remediation recommendations on findings.

Research emerging security topics and new attack vectors

Perform and review the hardening of the systems and network devices.

Manage project timelines, deadlines, and expectations – including client interactions.



  • Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE).
  • Experience creating/developing programs from scratch.
  • Experience drafting policies, Standards, and procedures.
  • Penetration Testing in 3 or more of the following:
  • Web Applications
  • Network (Internal / External)
  • Active Directory
  • Mobile Applications
  • Cloud Environments
  • Phishing
  • Tools / Services:
  • NMAP
  • BurpSuite
  • CrackMapExec
  • BloodHound
  • Ansible
  • Terraform
  • Git
  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud Provider


§ At least 5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructure.

§ Must be proficient in python development. Proficiency in other scripting languages such as perl, ruby, etc. is an added advantage.

§ In-depth knowledge of various penetration testing tools and frameworks (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.).

§ Strong understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation techniques.

§ Ability to correlate different threats like Ransomware, APT groups, Malware, Exploit Kits, etc.

§ Familiarity with industry standards and frameworks such as OWASP, OSSTMM, and NIST.

§ Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and related security controls.

§ Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilities.

§ Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholders.

§ Development knowledge of common programming languages like java, asp .net, PHP, etc. would be an added advantage.

§ Excellent oral and written communication skills.


Bachelor’s degree in computer science/Engineering/IT or significant demonstrable experience in IT/OT security.

Must have leading Penetration Testing/Red Team Certifications such as CompTIA PenTest+, GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Certified Red Team Operations Professional (CRTOP), EC-Council’s Certified Penetration Testing Professional (C|PENT) or other Penetration Testing certifications.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Active Directory Ansible APT Automation AWS Azure Burp Suite C Cloud CompTIA Computer Science CREST CVSS Exploit GCP GIAC GPEN GXPN Java Kali Linux Malware Metasploit MITRE ATT&CK NIST Nmap Offensive security OSCP OWASP Pentesting Perl PHP Python Red team Ruby SCAP Scripting SQL SQL injection Terraform Vulnerabilities XSS

Region: Asia/Pacific
Country: India
Job stats:  42  12  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.