hirist

Cyber Security Analyst - VAPT/PCI-DSS

Workassist
Multiple Locations
3 - 6 Years
4.8 | 21+ Reviews

Posted on: 30/01/2026

Job Description

Role Summary :

We are seeking a high-caliber Cyber Security Analyst (VAPT) to join our software product security team. In this role, you will act as a "Vulnerability & Risk Architect," responsible for the end-to-end lifecycle of vulnerability discovery, assessment, and remediation tracking across diverse infrastructure.


You will leverage enterprise-grade tools like Rapid7 / Nexpose to conduct deep-tier scans of Operating Systems (Linux, Unix, Windows), network perimeters, and cloud-native environments (Docker/Kubernetes).


The ideal candidate is a proactive problem-solver with strong Unix Scripting skills, capable of validating secure configurations against CIS Benchmarks while ensuring compliance with global standards such as ISO 27001, PCI DSS, and RBI Cybersecurity Frameworks.

Responsibilities :

- Vulnerability Assessment & Management: Orchestrate regular authenticated and unauthenticated scans across a hybrid landscape, including Windows, Linux/Unix, Firewalls, Routers, and Databases.

- External Exposure Analysis: Execute rigorous external vulnerability assessments (VA) and exposure analysis to identify and mitigate internet-facing risks.

- Network & Segmentation Testing: Support network segmentation penetration testing and validate that lateral movement paths are effectively blocked.

- Hardening & Configuration Review: Audit systems against CIS Benchmarks and vendor-specific hardening standards; perform post-remediation validation to ensure secure baselines are maintained.

- Container & Cloud Security: Conduct vulnerability scanning for Docker and Kubernetes runtimes and images; support the assessment of cloud workloads across AWS, Azure, and GCP.

- Risk Analysis & Scoring: Analyze vulnerabilities using CVSS scoring, evaluating exploitability and business impact to prioritize critical patching efforts.

- Remediation Coordination: Partner with infrastructure, network, and application teams to drive remediation efforts, tracking SLA metrics and escalating high-risk items.

- Compliance & Audit Governance: Ensure all VAPT activities align with RBI Cybersecurity Framework, ISO 27001, and PCI DSS; provide technical evidence for internal and external audits.

- Linux/Unix Scripting: Develop custom scripts to automate scan data extraction, parsing, and reporting within Unix/Linux environments.

- Reporting & Dashboards: Prepare comprehensive vulnerability reports and executive dashboards to communicate the organization's risk posture to stakeholders.

Technical Requirements :

- VAPT Tooling: 3+ years of hands-on experience with Rapid7, Nexpose, or Tenable.

- OS & Scripting: Strong proficiency in Linux/Unix administration and Unix Scripting for automation.

- Cloud & Containers: Proven experience scanning Docker, Kubernetes, and public cloud (AWS/Azure) assets.

- Hardening Standards: Deep understanding of CIS Benchmarks and secure configuration audits.

- Compliance Frameworks: Practical knowledge of ISO 27001, PCI DSS, and NIST controls.

Preferred Skills :

- Industry Certifications: CEH, OSCP, or CompTIA PenTest+ is highly desirable.

- Web Application Security: Familiarity with OWASP Top 10 and web-level vulnerability assessment tools.

- API Security: Experience scanning and securing RESTful APIs and middleware.

Core Competencies :

- Problem-Solving: A methodical approach to troubleshooting scan failures and identifying false positives.

- Building Work Relationships: Ability to collaborate effectively with infrastructure and development teams to resolve conflicts regarding remediation priorities.

- Responsive Leadership: High degree of responsiveness in managing critical "Zero-Day" vulnerability outbreaks.

- Analytical Rigor: Exceptional attention to detail when analyzing complex vulnerability data and exploitability trends.

