Job Title: Manager | Vulnerability Assessment & Penetration Testing (VAPT) | Delhi | Cyber Defense & Resilience
Key Responsibilities
- Conduct and oversee Vulnerability Assessment and Penetration Testing (VAPT) for networks, web applications, APIs, cloud environments, and mobile applications.
- Perform in-depth Application Security assessments, including secure code reviews and static & dynamic analysis.
- Assess and enhance API Security by identifying vulnerabilities and recommending security best practices.
- Conduct Configuration Reviews for infrastructure, cloud environments, and enterprise applications to identify misconfigurations.
- Plan and execute Red Team Assessments, simulating real-world attack scenarios to evaluate and strengthen security defenses.
- Develop and execute Social Engineering techniques such as phishing simulations and physical security tests.
- Work closely with stakeholders to remediate identified vulnerabilities and improve the organization's security posture.
- Stay up to date with emerging security threats, attack techniques, and industry trends to improve the attack surface management program.
- Provide mentorship and guidance to junior security professionals in the team.
- Develop reports and present security findings to senior management and key stakeholders.
Required Qualifications & Skills:
- Experience: 7+ years in cybersecurity, with a strong focus on attack surface management, penetration testing, and red teaming.
- Technical Expertise: Hands-on experience in network & web application penetration testing, API security, application security assessments, and exploit development.
- Red Team Skills: Strong knowledge of adversary simulation, lateral movement techniques, social engineering, and physical security assessments.
- Tools & Techniques: Proficiency in security tools like Burp Suite, Metasploit, Nmap, Nessus, BloodHound, Cobalt Strike, Empire, etc.
- Cloud Security: Experience in securing cloud environments (AWS, Azure, GCP) and assessing cloud attack vectors.
- Certifications (Preferred): OSCP, OSWE, CISSP, CISM, GWAPT, CRTP, CRT, or other relevant security certifications.
- Strong Communication Skills: Ability to convey complex security findings to both technical and non-technical stakeholders.
- Leadership & Collaboration: Experience leading security teams and working cross-functionally with IT, DevOps, and Risk teams.