Security Consultant - VAPT (Vulnerability Assessment & Penetration Testing)
Bengaluru, Karnataka, India
ProArch
At ProArch, we help our clients accelerate growth and mitigate risk with IT services, cybersecurity services, application development, cloud computing, and data analytics.
ProArch is a global IT consulting firm providing Security, Data, Application Dev, and Cloud services. Offices are located in the US, UK and India.
ProArch is seeking a highly skilled, seasoned, and motivated Penetration Tester to join our cybersecurity team. The ideal candidate will have a passion for identifying vulnerabilities, exploiting weaknesses, and helping organizations enhance their security posture. As a Security Consultant – VAPT at ProArch, you will play a crucial role in assessing the security of our clients' networks, applications, and systems. This position reports to the Director of Global Cybersecurity Services and will work collaboratively with other delivery managers, Solution Architects, and the CTO Office. Communication skills are essential as this position will be the technical contact point for team members and an escalation point for client relationships.
Conduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications.
Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means.
Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders.
Develop and execute detailed test plans and methodologies for conducting penetration tests.
Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities.
Manage project timelines, deadlines, and expectations – including client interaction.
Stay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security.
Assist in the development and improvement of security policies, procedures, and guidelines.
Mentor and provide guidance to junior members of the penetration testing team.
Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization. Have proficient knowledge of the MITRE ATT&CK framework.
Maintain accurate and detailed documentation of testing activities, findings, and recommendations.
Prepare reports documenting identified issues based on internal templates.
Interact with clients to deliver results, provide feedback, and remediation recommendations on findings.
Research emerging security topics and new attack vectors.
Perform and review the hardening of the systems and network devices.
- Familiarity with Security Content Automation Protocols (SCAP), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), or Common Platform Enumeration (CPE).
- Experience creating/developing programs from scratch.
- Experience drafting policies, standards, and procedures.
- Penetration Testing in 3 or more of the following:
  - Web Applications
  - Network (Internal / External)
  - Active Directory
  - Mobile Applications
  - Cloud Environments
- Tools / Services:
  - Microsoft Azure
  - Amazon Web Services
  - Google Cloud Provider
- At least 5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructure.
- Must be proficient in Python development. Proficiency in other scripting languages such as Perl, Ruby, etc. is an added advantage.
- In-depth knowledge of various penetration testing tools and frameworks (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.).
- Strong understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation techniques.
- Ability to correlate different threats like Ransomware, APT groups, Malware, Exploit Kits, etc.
- Familiarity with industry standards and frameworks such as OWASP, OSSTMM, and NIST.
- Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and related security controls.
- Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilities.
- Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholders.
- Development knowledge of common programming languages like Java, ASP.NET, PHP, etc. would be an added advantage.
- Excellent oral and written communication skills.
EDUCATION AND CERTIFICATION
Bachelor’s degree in Computer Science/Engineering/IT or significant demonstrable experience in IT/OT security.
Must have leading Penetration Testing/Red Team Certifications such as CompTIA PenTest+, GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Certified Red Team Operations Professional (CRTOP), EC-Council’s Certified Penetration Testing Professional (C|PENT) or other Penetration Testing certifications.