VAPT Manager - Security Tools

Job Description : Senior Manager - VAPT. Experience Required : 5 years. Certification : OSCP (Mandatory), additional certifications (e., OSCE, CISSP, GPEN) are a plus. Work Mode : India to Middle East Onsite. Role Type : Individual Contributor (IC) with People Management Responsibilities. Position Summary : We are seeking a highly experienced Manager - VAPT to lead and execute security assessments across web, mobile, infrastructure, network, and source code review domains. This role requires a deep technical understanding of penetration testing, vulnerability assessments, and secure coding practices. The ideal candidate should be comfortable in an individual contributor (IC) role while also managing teams, mentoring talent, and working closely with key stakeholders to enhance cybersecurity resilience. Key Responsibilities : Technical Leadership & Execution : - Conduct end-to-end penetration testing across web, mobile, infrastructure, network, and source code. - Perform manual and automated security assessments, exploit vulnerabilities, and recommend remediation strategies. - Lead source code reviews to identify security flaws and suggest secure coding practices. - Research and implement advanced attack simulation techniques to improve security posture. - Develop, refine, and enforce VAPT methodologies, frameworks, and best practices. - Ensure compliance with security standards such as ISO 27001, NIST, OWASP, PCI-DSS, GDPR, RBI guidelines, and MITRE ATT&CK. People Management & Mentoring : - Lead and mentor a team of VAPT consultants, penetration testers, and security analysts. - Foster a culture of continuous learning, innovation, and technical excellence. - Conduct technical training sessions and skill-building workshops. Stakeholder & Client Engagement : - Collaborate with internal and external stakeholders to communicate security risks, deliver assessment reports, and present remediation plans. - Work closely with developers, DevSecOps teams, and IT security teams to ensure the implementation of secure coding and network hardening measures. - Support business development efforts by providing technical expertise in client meetings, RFPs, and proposal submissions. Risk & Compliance Management : - Ensure that VAPT assessments align with industry regulations and security compliance mandates. - Keep up to date with the latest cybersecurity threats, vulnerabilities, and emerging attack vectors. Qualifications & Skills : - 10 years of hands-on experience in VAPT, with expertise in web, mobile, network, infrastructure, and source code review. - Mandatory : OSCP certification (OSCE, CISSP, GPEN, or equivalent is a plus). - Strong expertise in manual penetration testing and deep technical proficiency with security tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Checkmarx, and Wireshark. - Proficiency in secure coding across multiple languages (Java, Python, JavaScript, C++, PHP, etc. - Experience with red teaming, threat modeling, and attack simulation. - Strong analytical and problem-solving skills with the ability to conduct deep technical security research. - Excellent stakeholder management, reporting, and communication skills. - Hands-on experience with cloud security assessments (AWS, Azure, GCP) is a plus. (ref:hirist.tech)

Location: mumbai, IN

Posted Date: 5/7/2025