VAPT & Information Security Specialist

About the company

Ventura is an omnichannel trading and investment platform with a nationwide network of branches, sub-brokers, and digital channels. Founded in 1994, the company is now in its next phase of growth, driven by a digital-first, direct-to-consumer strategy.

To accelerate this transformation, Ventura has built a dedicated fintech vertical focused on digital innovation, modern platforms, and data-led marketing.

Join us if you like to:

• Vulnerability Management & Penetration Testing
• Conduct vulnerability assessments and penetration testing (VAPT) for web applications, networks, APIs, Mobile, Cloud (AWS) and infrastructure.
• Embed security testing in CI/CD (SAST/DAST, dependency/SBOM scans) and track remediation SLAs.
• Analyse and mitigate OWASP Top 10, SANS 25 and business-logic flaws; coach developers on secure patterns.
• Prioritise vulnerabilities based on risk levels and provide actionable remediation strategies.
• Work with development and infrastructure teams to validate and verify vulnerability fixes.

Security Assessment & Risk Analysis

• Perform comprehensive security assessments of client systems, networks, and applications to identify vulnerabilities and security gaps.
• Conduct risk assessments and threat modelling to evaluate potential cyber threats and business impacts.
• Analyse existing security controls and recommend improvements based on industry best practices.
• Document findings and present detailed risk assessment reports to stakeholders.

Security Policies & Governance

• Develop, review, and maintain information security policies, standards, and procedures.
• Assist organisations in implementing security governance frameworks.
• Ensure policies align with industry standards and organisational security objectives.
• Support the development of incident response plans and business continuity strategies.

Compliance &Security Audits

• Conduct security audits and gap assessments against regulatory and compliance frameworks.
• Support compliance initiatives related to SEBI CSCRF, ISO 27001, DPDP, GDPR, NIST, and SOC 2.
• Prepare audit documentation and assist during internal and external security audits.
• Monitor compliance status and recommend corrective actions.

Incident Response Support

• Assist in investigating security incidents and cyber threats.
• Analyse logs and security alerts to identify potential attacks.
• Support incident response teams in containment, remediation, and recovery activities.
• Provide post-incident analysis and recommend security improvements.

What you’ll need to bring:

• 2-7 years of relevant experience in the cybersecurity domain
• Proven hands-on VAPT for Web/Mobile/API and Network/ Cloud assessments.
• Strong knowledge of OWASP Top 10 (attacks and defences).
• Security best practices for AWS, Azure, and Google Cloud
• Data protection and encryption in cloud environments
• Experienced in security tools such as Burpsuite, Nessus, Qualys, Metasploit, and Nmap, Trivy to identify vulnerabilities.
• Ability to review and add WAF rulesets in AWS WAF and ModSecurity according to business requirements.
• Working knowledge of cloud security and core components in AWS(e.g., S3, Load Balancers, Kubernetes, Docker).
• Experienced in audit planning and execution
• Compliance management for frameworks such as SEBI CSCRF, ISO 27001, GDPR, and NIST
• Detailed understanding of IT General Controls (ITGCs) and their implementation.
• Experience working in BFSI industry (Broking industry candidates will be preferred)
• Preferred Certifications: Certified Ethical Hacker (CEH), ISO27001:LA/LI, CISA, CISSP