**

Role Overview:

VAPT/WAPT is a hands-on tech oriented position. You will play a pivotal role within the Cyber Security Practice and work with delivery teams as well as networks and infrastructure support teams.

· Embed security throughout the lifecycle of software delivery

· Building and defining Security Testing practices

· Play a consultant and advisory role to delivery team and clients

Responsibilities:

· Work closely with Application Development & IT team and serve as a single point of contact for all security testing related activities

· Executing manual network, application penetration tests and security code reviews

· Analyse application security architecture and understand security threats

· Draw Data Flow Diagrams (DFD), prepare threat models, identify threats and suggest mitigation steps

· Design and execute security test cases

· Create and review security test reports and evidences

· Provide recommendations to clients in fixing vulnerabilities

· Develop frameworks and methodologies to evaluate security in new and emerging technologies including mobile application such as IOS, Android etc.

· Assist in building security testing competency

· Mentor and provide technical guidance to team members in executing test cases

· To define testing criteria for systems and applications.

· Write SOPs, SOW’s

· Technical and Process reviews of the team output – represent the team reports to all stakeholders.

· To work with end clients to develop strategies and plans to enforce security requirements, and remediate identified risks / vulnerabilities.

· Assist in building security testing competency

· Bachelor’s Degree (or equivalent) or advanced degree highly desired.

· 5 - 7 years of Security Testing and Project Management Experience

· Good knowledge of network & application security vulnerabilities

· In-depth knowledge and experience with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews. OSSTMM for network penetration testing

· Experience in manual and automation penetration testing tools and techniques. Should have experience in using tools like Burp, ZAP, Veracode, Fortify, WebInspect, NMap etc.

· Experience in performing threat modelling and identify attack vectors. Must be familiarity with STRIDE and DREAD concepts.

· Must be able to handle tasks/activities with competing priorities

· Must be able to work independently & guide team

· Ability to handle multiple customers simultaneously from different industry verticals

· Ability to manage a diverse team and getting them to deliver as expected

· Ability to handle team challenges and resolve conflicts

· Good verbal and written communication skills with the ability to talk to both business teams and technical teams

· Security certifications such as OSCP, CEH, ECSA, GPEN **