Job Title:  Assistant Manager | VAPT | Pune | Cyber Defense & Resilience

Key Responsibilities:

• Threat Modeling: Conduct threat modeling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modeling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems.
• Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations.
• Security Risk Analysis: Analyze vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation.
• Incident Response: Assist in responding to security incidents by analyzing threat patterns, supporting forensic investigations, and recommending preventative measures.
• Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices.
• Reporting: Document findings from threat modeling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders.
• Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies.

Required Skills and Qualifications:

• Strong knowledge of Threat Modeling methodologies and tools (e.g., Microsoft Threat Modeling Tool, OWASP Threat Dragon).
• Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit.
• Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID).
• Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security.
• Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences.
• Knowledge of OWASP Top 10, CVE, and vulnerability databases.
• Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus.
• Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable.
• Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.
• Strong problem-solving skills and the ability to work independently and in a team.
• Prior experience in BFSI would be preferred.

Preferred Qualifications:

• Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications.
• Certified Information Systems Security Professional (CISSP) or similar information security certifications.
• Previous experience in threat hunting, incident response, or application security.
• Understanding of security in Agile/Scrum development processes.