Cubical operations llp
Vulnerability Assessment & Penetration Testing Lead - DevSecOps
Job Location
Mumbai, India
Job Description
Job Description: Manager / Senior Manager / Associate Director VAPT
Locations: Mumbai
Experience Required: 6 to 12 years
Certifications: OSCP (Mandatory); OSCE, CISSP, GPEN, CEH (Preferred)
Work Mode: Onsite (Mumbai / Bangalore)
Role Type: Individual Contributor (IC) with Team & Project Management Responsibilities

Position Summary:
We are looking for an experienced Manager / Senior Manager / Associate Director VAPT to lead and execute security assessments across web, mobile, infrastructure, network, cloud, and source code review domains. This role requires a strong blend of technical expertise, strategic thinking, and leadership skills to drive VAPT engagements, mentor teams, and collaborate with business and technical stakeholders. The ideal candidate should be comfortable in an IC role while also managing teams, client engagements, and security projects.

Key Leadership & Execution:
- Conduct and manage end-to-end penetration testing across web, mobile, infrastructure, network, cloud, and source code.
- Identify, exploit, and document security vulnerabilities and provide actionable remediation plans.
- Perform manual and automated security assessments with advanced attack simulation techniques.
- Develop and implement VAPT methodologies, frameworks, and security guidelines.
- Ensure compliance with security standards such as ISO 27001, NIST, OWASP, PCI-DSS, GDPR, RBI guidelines, and MITRE ATT&CK.
- Drive cloud security assessments (AWS, Azure, GCP) and DevSecOps integration.

People & Project Management:
- Lead and mentor teams of security analysts, penetration testers, and consultants.
- Foster a culture of continuous learning, technical excellence, and security innovation.
- Conduct internal security training sessions and knowledge-sharing initiatives.
- Manage project timelines, resource allocation, and client expectations.

Client & Stakeholder Engagement:
- Collaborate with CISOs, IT security teams, and developers to mitigate security risks.
- Present findings, risk analysis, and remediation strategies to technical and non-technical audiences.
- Support business development efforts by contributing to RFPs, pre-sales, and security & Skills :
- 6 to 12 years of hands-on experience in VAPT, with expertise in web, mobile, network, infrastructure, cloud, and source code security.
- Mandatory: OSCP Certification (OSCE, CISSP, GPEN, CEH preferred).
- Strong manual penetration testing expertise beyond automated scanners.
- Proficiency with security tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Checkmarx, and Wireshark.
- Deep understanding of secure coding principles in languages like Java, Python, JavaScript, C++, and PHP.
- Experience in threat modeling, attack simulations, and red teaming.
- Strong knowledge of cloud security frameworks and DevSecOps principles.
- Excellent problem-solving, analytical, communication, and stakeholder management skills.

(ref:hirist.tech)
Location: Mumbai, IN
Posted Date: 5/7/2025
Contact Information
Contact: Human Resources, Cubical operations llp