C3i Hub
Website:
c3ihub.org
Job details:
Description
As a Lead Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will spearhead initiatives to evaluate, strengthen, and strategically enhance the security posture of our organization’s IT infrastructure, applications, and networks. You will lead and mentor the VAPT team, oversee testing engagements, and ensure best practices are followed throughout the security lifecycle. Your role will be pivotal in driving high-impact security improvements by identifying and mitigating vulnerabilities through advanced assessments, penetration testing, and cross-team collaboration.
Responsibilities
Lead Vulnerability Assessments:
- Oversee and guide comprehensive vulnerability assessments on internal and external systems, networks, and applications.
- Review, refine, and approve testing methodologies and tool usage for consistency and accuracy.
Direct Penetration Testing Efforts:
- Plan, coordinate, and execute complex penetration tests across IT infrastructure, applications, mobile platforms, and network components.
- Lead simulation of advanced cyber-attacks to validate security controls and identify exploitable weaknesses.
Analyze, Review & Report:
- Ensure thorough analysis of findings, highlighting business risk impact alongside technical details.
- Deliver executive-level briefings as well as detailed technical reports with prioritized, actionable recommendations.
Team Leadership & Collaboration:
- Mentor junior engineers, provide training, and foster a knowledge-sharing culture within the security team.
- Collaborate with development, operations, and compliance teams to drive remediation efforts and monitor progress.
Process & Documentation Management:
- Maintain and improve VAPT documentation, methodologies, and reporting templates.
- Introduce process improvements to increase efficiency, accuracy, and coverage in testing.
Continuous Security Advancement:
- Stay ahead of emerging threats, advanced exploitation techniques, and evolving security tools.
- Evaluate and integrate new tools and frameworks into the VAPT process for greater effectiveness.
Eligibility
Educational Background:
Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
Technical Skills:
- Strong command of network protocols, operating systems, and web/mobile technologies.
- Proficiency in leading security testing tools: Nessus, Nmap, Burp Suite, Metasploit, and others.
- Solid knowledge of IT security standards/frameworks (OWASP, NIST, SANS Top 25) and advanced exploitation techniques.
- Hands-on experience with manual penetration testing, complex scenario simulation, and advanced vulnerability exploitation.
Experience:
- 7+ years of relevant experience in VAPT, including at least 2 years in a leadership or senior technical role.
Desired Eligibility
- Broad knowledge of security across applications, databases, networks, servers, Active Directory, and endpoints.
- Experience with IoT/OT security and embedded protocol testing (UART, I2C, SPI, JTAG, SWD).
- Knowledge of radio protocol attacks (BLE, Wi-Fi, LoRa, DSP, SDR).
- Relevant certifications such as OSCP, CEH, or equivalent advanced credentials.
- Strong scripting/programming ability to develop custom exploits and automation.
- Active participation in security challenges (e.g., Hack the Box, CTFs).
- Familiarity with both open-source and commercial security tools (Core Impact, Qualys, SQLmap, OWASP ZAP, etc.).
- Willingness to travel for high-priority assessments and engagements.
Travel
As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams.
Communication
Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and a recent passport-size photograph.