GISPL
Website: gisconsulting.in
Job details:
About GISPL
G-Info Technology Solutions Pvt. Ltd. (GISPL) is a CERT-In empaneled cybersecurity consulting and information security services organization with over a decade of expertise in cybersecurity consulting, compliance implementation, forensic investigations, and security testing. Established in 2012, GISPL operates globally across India, UAE, USA, Canada, and Australia, delivering high-impact cybersecurity and compliance solutions to enterprises and government organizations.
We have successfully executed thousands of VAPT engagements, compliance audits (ISO 27001, ISO 42001, SOC 2 Type 1 & Type 2, PCI-DSS, DPDP Act, NIST, GDPR, HIPAA), forensic investigations, and security implementations across BFSI, Telecom, Manufacturing, Healthcare, Government, and other industries.
At GISPL, we combine strong technical expertise with strategic governance capabilities to help organizations strengthen cybersecurity posture, achieve regulatory compliance, and build resilient digital ecosystems.
Role Overview
We are seeking a hands-on VAPT Consultant with CEH, CRTP, and CAP certifications and practical exposure to red teaming techniques. The primary responsibility will be executing Vulnerability Assessment & Penetration Testing and Configuration Review engagements across network, web, and mobile (Android and iOS) applications, APIs, and infrastructure environments.
Primary Responsibilities
Network & Infrastructure Security Testing
• Conduct Internal and External Network VAPT (PTES, NIST, MITRE ATT&CK, CIS Benchmark)
• Perform vulnerability scanning and manual validation
• Identify misconfigurations in network infra-assets (firewalls, servers (physical in-house and cloud), routers, switches, Active Directory (AD), and endpoints)
• Conduct basic to intermediate Active Directory security assessments
Web and Mobile (APK and iOS) Applications & API Security Testing
• Perform Web Application Penetration Testing (OWASP Top 10)
• Static and Dynamic Security Assessment of Mobile (APK and iOS) Applications (OWASP Mobile Top 10, MSTG)
• API Security Testing
• Session management, authentication & authorization testing
• Business logic validation
Reporting & Documentation
• Prepare detailed VAPT reports (Technical + Executive Summary)
• Provide CVSS-based risk ratings
• Provide remediation recommendations
• Conduct report walkthrough sessions with client teams
• Explain reported vulnerabilities to the client and discuss different approaches to remediating them
• Perform revalidation testing after fixes
Secondary Responsibilities (Red Team Exposure)
• Assist in phishing simulation campaigns
• Support basic lateral movement testing
• Assist in AD enumeration (basics of BloodHound, Kerberoasting, etc.)
• Participate in red team engagements under supervision
• Help simulate adversary techniques aligned with MITRE ATT&CK
(Note: Advanced adversary simulation, C2 infrastructure setup, and exploit development are not primary expectations for this role.)
Required Skills
• CEH (Certified Ethical Hacker) – Mandatory
• Mobile application penetration testing, red teaming, and cloud security assessment.
• 2–5 years of hands-on VAPT experience
• Strong understanding of:
o TCP/IP, DNS, HTTP, SSL/TLS
o Linux, Unix, Mac & Windows systems
o Active Directory (fundamental to intermediate level)
• Knowledge of OWASP Top 10 vulnerabilities (Web, Mobile, APIs)
• Familiarity with MITRE ATT&CK framework
• Basic scripting knowledge (Python / Bash / PowerShell preferred)
Tools Experience (Hands-on Required)
• Nmap
• Nessus / Qualys
• Burp Suite
• OWASP ZAP
• Metasploit
• Wireshark
• Kali Linux
• BloodHound (basic exposure)
Good to Have (Not Mandatory)
• OSCP / eJPT / CRTP (advantage)
• Cloud security exposure (AWS / Azure)
• Experience in compliance-driven audits (ISO 27001, PCI DSS, RBI, CERT-In)
• SIEM exposure
Soft Skills
• Strong analytical mindset
• Ability to think like an attacker
• Clear documentation and reporting skills
• Client interaction & presentation capability
• Willingness to travel for on-site audits