Security Consultant (VAPT)

Responsibilities

  • Perform hands-on security assessments and compliance testing across web applications, mobile applications, APIs, infrastructure, and cloud environments, aligned with regulatory and industry standards such as MAS TRM, OWASP, and CIS benchmarks.
  • Conduct web and mobile application penetration testing, including authentication, session management, business logic, and API security testing based on OWASP methodologies (e.g., OWASP Top 10, OWASP ASVS, OWASP MSTG).
  • Perform infrastructure and network security assessments, including internal/external penetration testing, configuration reviews, and vulnerability validation.
  • Conduct secure code reviews across multiple technology stacks (e.g., Java, Python, JavaScript, Swift, Kotlin), identifying vulnerabilities and recommending remediation.
  • Utilize a wide range of tools for offensive security testing, such as Burp Suite, Nmap, Metasploit, Nessus, and cloud-native security tools.
  • Perform threat modelling, attack surface analysis, and security design reviews for applications and infrastructure.
  • Identify, exploit, and validate vulnerabilities, providing clear technical reporting and remediation recommendations.
  • Support red team / adversary simulation exercises where required.
  • Stay updated on emerging threats, vulnerabilities, and security trends across application, infrastructure, and cloud domains.

Qualifications & Skills

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Minimum 2 years of hands-on penetration testing / offensive security experience across application, infrastructure, or cloud environments.
  • CREST CRT certification is mandatory.
  • Additional certifications such as OffSec OSCP, OSCE, OSWE, CRTO, cloud security (AWS/Azure), or red teaming certifications are highly advantageous.
  • Strong understanding of web technologies, APIs, authentication mechanisms (OAuth, SAML, JWT), and common security vulnerabilities.
  • Experience with infrastructure security concepts, including network protocols, Active Directory, and system hardening.
  • Familiarity with cloud security principles, including IAM, shared responsibility model, and cloud-native attack vectors.
  • Knowledge of secure development practices and common programming languages is an advantage.
  • Strong analytical, problem-solving, and technical troubleshooting skills.
  • Excellent communication skills, with the ability to convey complex technical findings to both technical and non-technical stakeholders.
  • Ability to manage multiple engagements, work independently, and deliver under tight timelines.
