Location: Ghatkopar, Mumbai (Onsite)
Department: Information Security / Offensive Security
Experience: 2–8 Years
Certifications Preferred: OSCP, CEH, eCPPT, eJPT, GWAPT, or equivalent
About the Role
We are seeking a highly skilled Cybersecurity Analyst (Vulnerability Assessment & Penetration Testing) specializing in both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). The ideal candidate will have hands-on experience performing end-to-end security testing across web applications, mobile apps (Android/iOS), APIs, networks, Active Directory environments, and source code.
This role requires a strong understanding of offensive security, exploit development, red teaming methodologies, and secure coding practices to identify, exploit, and document vulnerabilities with actionable recommendations.
Key Responsibilities
- Conduct Vulnerability Assessments and Penetration Tests (VAPT) across:
  - Web applications, APIs, and backend services
  - Android and iOS mobile applications
  - Corporate and cloud networks
  - Active Directory and internal infrastructure
- Perform SAST & DAST on custom applications using manual and automated tools.
- Analyze source code (Java, Python, PHP, .NET, etc.) to identify logic flaws and insecure coding practices.
- Execute Red Team exercises, simulate attack chains, and evaluate defense mechanisms.
- Generate detailed technical reports with PoC evidence, exploit steps, risk severity, and remediation guidance.
- Collaborate with development and DevSecOps teams to verify fixes and perform retests.
- Maintain up-to-date knowledge of the latest vulnerabilities, exploits, and security tools.
- Support compliance assessments and keep abreast of cybersecurity trends.
Required Skills and Expertise
- Strong knowledge of the OWASP Top 10, CWE/SANS Top 25, and MITRE ATT&CK frameworks.
- Hands-on experience with tools like Burp Suite, ZAP, Metasploit, Nmap, Nessus, Nikto, MobSF, Frida, Drozer, Postman, SQLMap, etc.
- Deep understanding of authentication flaws, insecure direct object references, API abuse, and privilege escalation.
- Practical experience with Active Directory attacks (Kerberoasting, Pass-the-Hash, LLMNR poisoning, etc.).
- Proficiency in scripting languages (Python, Bash, PowerShell) and code review.
- Excellent analytical, reporting, and communication skills.
Certifications (Preferred but not Mandatory)
- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH)
- eLearnSecurity Certified Professional Penetration Tester (eCPPT)
- GIAC Penetration Tester (GPEN)
- eWPT / eWPTX / eJPT
Educational Qualification
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
- Equivalent hands-on experience may be considered as a substitute for formal education.
Why Join Us
- Opportunity to work on real-world red teaming engagements and advanced VAPT projects.
- Exposure to global clients in the BFSI, IT, and healthcare domains.
- Continuous learning through internal labs, CTFs, and tool research.
- Competitive pay, certification sponsorship, and a growth-oriented culture.