VAPT Testing Engineer

Description

The Security Vulnerability and Penetration Testing (VAPT) Engineer will oversee and serve as a technical resource for all assessment activity related to the security posture of existing and proposed firm systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.

Responsibilities:

Perform security penetration testing of the Firm's systems, platforms, and applications

Serve as a Subject Matter Expert (SME) for the VAPT function

Serve as the system owner for common VAPT toolsets, platforms, and processes

Provide technical assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles

Skills and Experience:

Possess a Computer Science bachelor's degree or substantially equivalent experience

CISSP required

GIAC GPEN or GWAPT preferred

Offensive Security OSCP required

Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking

Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables

Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave

Expertise with common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.

Expertise with mobile platform security technology, including vulnerability identification and exploitation tools, as well as mobile platform security best practices, frameworks, etc.

Understands VAPT in the context of risk management and organizational priorities

Passionate in the practice and pursuit of VAPT excellence

Able to validate the presence of identified vulnerabilities with accuracy

Mastery of common application platforms and technologies to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins

Authoritative mastery of OWASP, CVE, general security controls, and other foundational topics, such as the latest application and operating system exploits

Expert knowledge of common scripting and programming languages is advantageous.

Ongoing commitment to understanding the threat landscape and common adversary motivations/practices. Ability to quickly adapt practices to evolving circumstances

Able to maintain critical thinking and composure under pressure

Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English

Capable of assisting with the preparation of internal training materials and documentation

Able to be productive and maintain focus without direct supervision

Benefits:

In addition to standard medical, dental, and vision plans, we offer a comprehensive benefits package that includes:

Tuition Reimbursement: Support for your continued education and professional development

Profit Sharing: Share in the company's success with our profit-sharing program

Generous Paid Time Off: Enjoy a minimum of 20 days of PTO in your first year of employment

401(k) Plan: Automatic enrollment with a firm contribution rate of 5%. You are 100% vested from day one, with a 50% firm match up to 5%

Paid Monthly Parking: Up to $100 per month to cover your parking expenses

Student Loan Repayment: Assistance to help you manage and repay your student loans

Adoption Assistance Program: Financial support for employees expanding their families through adoption

Referral Bonus Program: Earn $2k bonus for referring qualified candidates to join our team

BAgile Program: Enjoy a hybrid schedule that allows you to work from home 2 days a week, in the office 2 days a week, with 1 flex day