Vulnerability Assessment & Penetration Testing Analyst

Gurgaon, India

Applications have closed

Milliman

Discover your path at Milliman. Learn about our uniquely independent company culture and find opportunities in the actuarial profession, risk management, software development, marketing, and more.


Job Summary:

We are seeking a highly skilled Vulnerability Assessment and Penetration Testing (VAPT) Analyst, with a minimum of 4 years of experience in the Application Security field, to join a GCS India IT team. The ideal candidate will possess a comprehensive understanding of application penetration testing, secure Software Development Life Cycle (SDLC) design, and a robust knowledge of Vulnerability Management. The position involves performing application security assessments, assisting with security best practices, and conducting thorough Vulnerability Assessments and Penetration Testing.

Primary Duties & Responsibilities:

  • Conduct application-level penetration testing, as well as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), to identify vulnerabilities.
  • Perform secure code reviews and contribute to secure SDLC design to ensure the development of resilient applications.
  • Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats.
  • Execute Vulnerability Management (VM) plans, coordinating, monitoring, and supporting activities related to security patching, configuration management, and attack surface management.
  • Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices.
  • Configure and maintain regular and ad-hoc vulnerability scans against internal and external IT infrastructure.
  • Demonstrate proficiency in standards such as ISO 27001, PCI DSS, NIST, and OWASP to ensure compliance and adherence to best practices.
  • Utilize tools such as Burp Suite, Nessus, Nmap, Kali Linux, and Qualys for effective vulnerability assessment and penetration testing.
  • Develop and maintain detailed technical documentation, including design documents, test plans, project plans, and procedures.
  • Collaborate with stakeholders to plan, track, schedule, and execute assessments effectively.
  • Utilize problem-solving, planning, and analytical skills to drive continuous improvement in VAPT processes.
  • Interact with stakeholders in a collaborative manner to deliver results, provide feedback, and offer remediation recommendations based on findings.
  • Demonstrate excellent analytical, communication, and problem-solving skills in all aspects of the role.

Required Skills & Attributes:

  • Minimum of 4 years of experience in Application Security, Vulnerability Assessment, and Penetration Testing.
  • In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies.
  • Strong experience in conducting application-level testing using SAST and DAST techniques.
  • Proficiency in vulnerability management processes and tools such as Qualys and Nessus.
  • Familiarity with industry standards and frameworks such as ISO 27001, PCI DSS, NIST, and OWASP.
  • Hands-on experience with penetration testing tools like Burp Suite, Nmap, Kali Linux, etc.
  • Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
  • Proven ability to work collaboratively in a team environment and independently when required.

 

Required Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or another related field.
  • Relevant certifications such as CEH, OSCP, CISSP, or equivalent are preferred.

 

 


Region: Asia/Pacific
Country: India