hirist

ERTech Pros - Penetration Test Engineer - OWASP

Meditab Software India Pvt Ltd
Ahmedabad
4 - 6 Years

Posted on: 09/06/2025

Job Description

Key Responsibilities :


- Vulnerability Assessment & Penetration Testing (VAPT) : Conduct comprehensive vulnerability assessments and penetration tests for web applications, networks, and systems, identifying security weaknesses and potential exploitation vectors.

- Secure Source Code Review : Perform secure source code reviews to identify coding flaws and vulnerabilities early in the development lifecycle.

- Web Application Security : Apply excellent understanding of web application security principles, secure coding practices, and actively seek out business logic vulnerabilities in applications using both black box and white box testing methodologies.

- Security Standards Adherence : Proficiently apply Application Security concepts and maintain familiarity with OWASP Top 10 and other relevant OWASP and SANS standards.

- Tool Proficiency : Utilize and manage application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, TOSpider, Burp Suite Pro, Nessus, Nexpose) effectively for comprehensive assessments.

- Bug Bounty Participation : Leverage experience in Bug Bounty programs to enhance internal VAPT capabilities and identify critical vulnerabilities.

- Reporting & Documentation : Write precise, technical reports and detailed documentation of findings, vulnerabilities, remediation steps, and security advisories.

- Incident Investigation : Investigate security breaches and other cybersecurity incidents, assisting in root cause analysis and recommending corrective actions.

- Patch Management : Contribute knowledge of Patch Fixing methodologies to support the remediation process.

- Collaboration : Work collaboratively with development, operations, and IT teams to provide actionable security recommendations and support their implementation.


Required Candidate Profile :


- B.Tech / B.E. / BCA / BSc in Computer Science or Information Technology.

- Minimum 4+ years of hands-on professional experience in vulnerability assessment, penetration testing, and Bug Bounty programs.

- Preference will be given to candidates with demonstrable professional experience in VAPT.

- Certification : OSCP or similar security certifications are highly preferred.

- Excellent understanding of web application security principles and secure coding best practices.

- Proficient in Application Security concepts and familiar with OWASP Top 10.

- Strong understanding of vulnerability assessment/penetration testing methodologies.

- Proven ability to write clear, concise, and comprehensive technical reports and detailed documentation.

- Experience in conducting VAPT and secure source code review.

- Hands-on experience with application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, TOSpider, Burp Suite Pro, Nessus, Nexpose).

- Direct experience in Bug Bounty programs.

- In-depth knowledge and experience with OWASP and SANS standards.

- Expertise in Web App Security, including Burp Suite and manual & automated testing, and comfort with Black Box/White Box testing, with the capability of finding business logic vulnerabilities (in line with the OWASP Testing Guide).

- Knowledge of Patch Fixing methodologies.

- Ability to investigate security breaches and other cybersecurity incidents.

- Strong analytical, problem-solving, and critical thinking skills.

- Excellent verbal and written communication skills.

