- Vulnerability Management: Use a variety of VAPT tools like Burp Suite, OWASP ZAP, Nessus, Nmap, and Postman to assess applications and infrastructure.

- Security Best Practices: Ensure adherence to OWASP Top 10, API Security best practices, and secure coding principles across all development teams.

- Configuration Reviews: Conduct secure configuration reviews for firewalls, servers, endpoints, and API gateways to minimize vulnerabilities.

- DevSecOps: Help integrate security into our development lifecycle, working with Dev and Infra teams to ensure secure deployments.

- Incident Response: Participate in incident response workflows using tools like Splunk or CrowdStrike, and assist in maintaining incident response plans.

- Documentation & Compliance: Write and maintain security documentation, including SOPs.

- Ensure awareness and adherence to regulatory standards such as the RBI Cybersecurity Framework, PCI DSS, and NIST.

- Risk & Audits: Conduct risk assessments, security audits, and third-party security evaluations.

- Collaboration: Work closely with cross-functional teams (Development, Infrastructure, and Compliance) to ensure a unified and secure approach.

Required Skills & Qualifications :

- Experience: 4-6 years of experience in cybersecurity, VAPT, and IT risk management.

- VAPT Tools: Proficiency in VAPT tools for applications and infrastructure.

- Security Frameworks: Strong grasp of OWASP Top 10 and API security frameworks like OAuth 2.0, JWT, and API key management.

- Compliance: Awareness of key regulatory standards like the RBI Cybersecurity Framework and PCI DSS.

Certifications :

- Certified Ethical Hacker (CEH) (Preferred)

- CompTIA Security+ (Good to have)

- Certified Information Security Manager (CISM) (Good to have)

- Certified Information Systems Auditor (CISA) (Good to have)

- Offensive Security Certified Professional (OSCP) (Good to have)