hirist

Job Description

Job Title : Information Security VAPT Analyst 1

Experience Required : 2 to 4 years

Job Location : Delhi

Position Type : Full-Time


About the Role :

We are seeking a highly motivated and detail-oriented Information Security VAPT Analyst (Level 1) to join our cybersecurity team. The ideal candidate will have 2 to 4 years of experience in performing Vulnerability Assessments (VA) and Penetration Testing (PT) across network infrastructure, cloud platforms, and applications. You will play a key role in identifying vulnerabilities, analyzing risks, and helping to strengthen the organization's overall security posture.


Key Responsibilities :

Vulnerability Assessment (VA) :


- Conduct regular vulnerability scans on critical systems, applications, and network infrastructure.

- Perform vulnerability assessments on AWS (IaaS, SaaS, and PaaS) environments.

- Identify and prioritize vulnerabilities based on severity and risk.

- Prepare detailed VA reports including findings, impact, and remediation steps.


Penetration Testing (PT) :


- Conduct penetration tests simulating real-world attacks on applications, networks, and systems.

- Identify exploitable vulnerabilities and evaluate the effectiveness of existing security controls.

- Provide detailed PT reports with proof of concept (PoC), impact assessment, and mitigation strategies.

Device Hardening :


- Enforce hardening procedures for servers, firewalls, routers, and endpoints.

- Ensure devices align with organizational security baseline standards.

- Maintain detailed documentation of hardening processes and configurations.

Application Security Assessment :


- Perform security assessments of web and mobile applications.

- Conduct static and dynamic code analysis.

- Identify coding flaws and provide secure development recommendations.

- Familiarity with OWASP Top 10 vulnerabilities is essential.

Log Review and Analysis :


- Analyze logs from firewalls, IDS/IPS, servers, and applications.

- Detect anomalies or suspicious activity for further investigation.

- Prepare reports summarizing log analysis findings and recommended corrective actions.


Deliverables :

- Detailed vulnerability and penetration testing reports.

- Impact analysis and practical, actionable recommendations.

- Periodic status updates and executive summaries for stakeholders.

- Final compiled reports focusing on critical vulnerabilities and remediation paths.


Technical Skills Required :

Hands-on experience in :

- Network Security Assessment

- Web and Mobile Application Security Testing

- Manual and Automated Penetration Testing

Strong understanding of :

- TCP/IP, basic networking principles

- OWASP Top 10

Experience with tools like :

- Kali Linux, Metasploit, Burp Suite, Paros Proxy, Nmap, Armitage, Maltego, Nessus, Nexpose, Wireshark, SQLmap

Experience in :

- Using publicly available exploit codes

- Performing red team activities, reconnaissance, and vulnerability research in lab environments


Qualifications :

- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

- Certified Ethical Hacker (CEH) certification is mandatory.

