About the role

We are looking for a VAPT Engineer to conduct vulnerability assessments and penetration tests for enterprise clients. The role is based out of our Dombivli office and involves quarterly VAPT engagements with a focus on PCI-DSS compliance. This is a hands-on technical position requiring the ability to independently plan, execute, and report on engagements.

Responsibilities

• Plan and execute network, infrastructure, and web application penetration tests
• Conduct quarterly VAPT engagements aligned to PCI-DSS requirements (Req. 11.3 and 11.4)
• Perform vulnerability scanning using Nessus Professional, Burp Suite, and related tools
• Carry out network segmentation testing and firewall rule validation
• Produce clear, structured pentest reports with risk ratings and remediation guidance
• Map findings to PCI-DSS v4.0, OWASP Top 10, and CVSS scoring
• Conduct pre- and post-remediation scans to validate fixes
• Liaise with client technical teams to discuss findings and support remediation

Requirements

• 2–4 years of hands-on experience in VAPT or offensive security roles
• Proficiency with Nessus, Burp Suite, Metasploit, Nmap, Wireshark, and Nikto
• Sound understanding of TCP/IP networking, protocols, and network architecture
• Experience with web application testing — OWASP Top 10, injection, authentication flaws, API testing
• Familiarity with PCI-DSS requirements and scoping of Cardholder Data Environments
• Ability to write clear vulnerability assessment and penetration test reports
• Working knowledge of Windows and Linux environments

Preferred certifications

CEH

OSCP

CompTIA PenTest+

GPEN / GWAPT

What we offer

• Exposure to enterprise VAPT engagements across BFSI, retail, and healthcare sectors
• Support for professional certifications including CEH and OSCP
• Competitive salary commensurate with experience
• 5-day working week · On-site · Dombivli, Mumbai