
Job Description

Experience : 5+ years in Cybersecurity

Location : Hyderabad

Job Summary :

We are seeking a seasoned Cyber Security Engineer with a minimum of five (5) years of hands-on experience in Vulnerability Assessment & Penetration Testing (VAPT) and security testing across web applications, APIs, networks, and databases. The ideal candidate will combine strong technical skills in programming and scripting with deep familiarity with industry security standards, tools, and methodologies.

Key Responsibilities :

Vulnerability Assessment & Penetration Testing :

- Plan and execute black-box, white-box, and gray-box penetration tests.

- Identify, analyze, and report security vulnerabilities in web applications, REST/SOAP APIs, network infrastructures, and database systems.

Security Testing :

- Perform security code reviews and static/dynamic analysis on application source code.

- Execute automated and manual security test cases, including OWASP Top 10, SANS Top 25, and API-specific risks.

Tooling & Automation :

- Develop and maintain custom scripts and tooling to automate reconnaissance, scanning, exploitation, and reporting.

- Integrate security testing into CI/CD pipelines and DevSecOps workflows.


Risk Analysis & Reporting :

- Assess business impact and prioritize vulnerabilities by severity and exploitability.

- Produce clear, actionable reports and work with development teams to validate fixes.

Collaboration & Advisory :

- Liaise with developers, DevOps, and IT/network teams to remediate security findings.

- Provide guidance on secure coding practices, hardening configurations, and security best practices.

- Provide assistance to other teams (project, commercial, product, customer success) in answering cybersecurity-related questions raised by or in customer and project tenders.

Required Qualifications :

- Bachelor's degree in Computer Science, Information Security, or a related field.

- 3+ years of professional experience in VAPT and security testing.

Technical Skills :

Programming & Scripting :


- Proficient in at least two of : Python, Java, C#, Ruby, Go, or JavaScript/TypeScript.

- Shell scripting (Bash/PowerShell) for automation.

Security Tools & Frameworks :

- Web/API testing : Burp Suite, OWASP ZAP, Postman, SoapUI.

- Network scanning : Nmap, Nessus, OpenVAS.

- DB security : SQLMap, DbProtect, manual SQL injection testing.

- Static/Dynamic analysis : SonarQube, Trivy, Fortify, Checkmarx, Veracode.

Protocols & Technologies :

- HTTP/S, REST, SOAP, TCP/IP, DNS, LDAP, OAuth/OIDC, JWT.

- Database platforms : MySQL, PostgreSQL, SQL Server, Oracle.

Standards & Compliance :

- Familiarity with OWASP Top 10, SANS Top 25, PCI-DSS, ISO 27001/27002, NIST.

Preferred Skills :

- Experience with cloud security testing (AWS, Azure, GCP).

- Familiarity with container and orchestration security (Docker, Kubernetes).


- Certification(s) : OSCP, CEH, CISSP, CISM, or similar.

- Hands-on experience with DevSecOps integration and security automation frameworks (e.g., Jenkins, GitLab CI, Terraform).

Soft Skills :

- Strong analytical and problem-solving abilities.

- Excellent written and verbal communication for clear reporting and stakeholder engagement.

- Ability to work independently and as part of a cross-functional team.


The job is for:

Differently-abled candidates preferred